Well, it might be a foreign term to those who are not in IT security industry and what difference it makes to their infrastructure. People tend to mistake these terms according to their convenience. This blog will to some extent help them understand the term.
An asset is what we’re trying to protect.
Asset – People, property, and information. People may include employees and customers along with other invited persons such as contractors or guests. Property assets consist of both tangible and intangible items that can be assigned a value. Intangible assets include reputation and proprietary information. Information may include databases, software code, critical company records, and many other intangible items.
Threat – Anything that can exploit vulnerability, intentionally or accidentally, and obtain, damage, or destroy an asset.
A threat is what we’re trying to protect against.
Vulnerability – Weaknesses or gaps in a security program that can be exploited by threats to gain unauthorized access to an asset. Vulnerability is a weakness or gap in our protection efforts.
Risk – The potential for loss, damage or destruction of an asset as a result of a threat exploiting vulnerability. The risk is the intersection of assets, threats, and vulnerabilities.
Why is it essential to comprehend the contrast between these terms? By chance is that you don’t comprehend the distinction, you’ll never comprehend the genuine risk to resources. When directing a risk evaluation, the equation used to decide chance is.
That is, Asset + Threat + Vulnerability = Risk (A + T + V = R)
The risk is a function of threats misusing vulnerabilities to acquire, harm or destroy assets. In this manner, threat no matter if it is real, conceptual or intrinsic it is likely to exist, however, in the event, if there are no vulnerabilities then there is pretty much nothing risky. Likewise, you can be vulnerable; however, in the event that you have no danger, at that point, you have pretty no danger.
Accurately assessing threats and recognizing vulnerabilities are basic to understanding the hazard to resources. Understanding the contrast between dangers, vulnerabilities, and hazard is the initial step.