Differentiate between Vulnerability & Threat

What is a Threat?

A threat is what we’re trying to protect against.Our enemy could be Earthquake, Fire, Hackers, Malware, System Failure, Criminals and many other unknown forces.

What is Vulnerability?

Vulnerability is a weakness or gap in our protection efforts. Vulnerability can be in form of weak coding, missing anti-virus, weak access control and other related factors.

What is a Risk?

Risk= Vulnerability * Threat

Risk is the product of vulnerability and threat. That is, we get a risk when our systems have a vulnerability that a given threat can attack. Thus, threats may exist, but if there are no vulnerabilities then there is no risk. Similarly, you can have vulnerability, but if you have no threat, then you have no risk.

There should be presence of both the elements (i.e. V*T) to constitute a risk.

Now, let us attempt below exercise to understand the terms more precisely:

(i) “Door is open. Please close it to avoid thieves .If they gets in, we will be robbed”

Identify Threat/Vulnerability/Risk from above statement.

Threat:

Vulnerability:

Risk:

(ii) “If antiviruses are not updated regularly, then new type of virus can destroy our data”

Identify Threat/Vulnerability/Risk from above statement.

Threat:

Vulnerability:

Risk:

Please provide your answers in comment box.  In case of any queries, please do write.

Views : 386

Leave a Reply

Your email address will not be published. Required fields are marked *