Threats are basically the enemies we are fighting. A threat is anything (a person or a thing) that can cause an adverse impact on the organization’s business and business processes. The impact can be a loss of integrity, confidentiality and/or availability of information. Some examples of threats to a business are malware, earthquakes, hackers etc.
A vulnerability is a weakness that a threat can exploit to cause harm to the organization. It is an inherent weakness that a threat can use to cause a loss of Confidentiality, Integrity or Availability (CIA). We can understand vulnerability through the following analogy: an earthquake is a threat, and if a building does not have measures to withstand earthquakes, then that is the vulnerability an earthquake can exploit.
From a network perspective, there can be the following types of vulnerabilities:
- Network misconfiguration
- Network design flaws
- Inherent protocol weaknesses
- Inherent encryption protocol/algorithm weaknesses
- Operating system weaknesses
- Access control misconfigurations etc.
Risk is the potential of a threat to exploit a vulnerability, taken together with its probability. It is basically the product of the impact of a threat exploiting a vulnerability of the organization and the probability of the threat exploiting that vulnerability. There may be a threat that can exploit a vulnerability and cause great damage to the organization, but if the probability of this scenario is not much, then the risk is not much either.
If you are a Network Engineer, IT Head, Network Manager, Network Planning Engineer or Network Operation Engineer interested in understanding Network Security, then check out our book on Practical Network Security.