Our Logo
Our Courses

Threat, Vulnerability & Risk – Cyber Security Concepts

The most commonly mixed up security terms; Threat, vulnerability, and risk.

While it might be unreasonable to expect those outside the security industry to understand the differences, more often than not, many in the business use these terms incorrectly or interchangeably. Maybe some definitions (from Strategic Security Management) might help.

Asset – People, property, and information.  People may include employees and customers along with other invited persons such as contractors or guests.  Property assets consist of both tangible and intangible items that can be assigned a value.  Intangible assets include reputation and proprietary information.  Information may include databases, software code, critical company records, and many other intangible items.

An asset is what we’re trying to protect.

Threat – Anything that can exploit a vulnerability, intentionally or accidentally, and obtain, damage, or destroy an asset.

A threat is what we’re trying to protect against.

Vulnerability – Weaknesses or gaps in a security program that can be exploited by threats to gain unauthorized access to an asset.

A vulnerability is a weakness or gap in our protection efforts.

Risk – The potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability.

Risk is the intersection of assets, threats, and vulnerabilities.

Why is it important to understand the difference between these terms? If you don’t understand the difference, you’ll never understand the true risk to assets.  You see, when conducting a risk assessment, the formula used to determine risk is:

A + T + V = R

That is, Asset + Threat + Vulnerability = Risk.

Risk is a function of threats exploiting vulnerabilities to obtain, damage or destroy assets. Thus, threats (actual, conceptual, or inherent) may exist, but if there are no vulnerabilities then there is little/no risk. Similarly, you can have a vulnerability, but if you have no threat, then you have little/no risk.

Accurately assessing threats and identifying vulnerabilities is critical to understanding the risk to assets.  Understanding the difference between threats, vulnerabilities, and risk is the first step.

Amana Bank Tanzania
East Africa Breweries LTD
East Africa Bank Djibouti
First Atlantic Bank Ghana
Zigama CSS rwanda
Finplus Kenya
Asante Finace Group Kenya
Our Logo

established in Nairobi Kenya, Creative Ground Tech strives to promote Cyber Security Awareness and offer a world class Cyber Security and Data Science training courses. we believe in Africa and we are building Africa’s next generation of skilled Data Scientists and cybersecurity professionals through hands-on training courses.

Head Office

Site Links

Services

Recent Posts

Ⓒ - All Rights Are Reserved. Creative Ground Technologies

error: Content is protected !!
Our Logo

Our training courses are designed to help businesses develop the workforce with the vital skills any organization requires.

The #1 cyber security and data science training provider in Africa.

Our Courses

Newsletter

Sign up to our newsletter