Abstract image of a woman sitting on books and studying on a laptop

Threat vs risk vs attack vs Asset vs vulnerability

Download as PPTX, PDF
Osama Ellahi, profile picture
Osama Ellahi

The document outlines the concepts of threats, assets, attacks, vulnerabilities, and risks within an information security context. A threat is identified as a potential cause of harm to an asset, while vulnerabilities represent weaknesses that can be exploited by these threats. Risk is described as the intersection of assets, threats, and vulnerabilities, highlighting the potential for loss or damage when a threat exploits a vulnerability.

Technology
Related topics:
Threat Intelligence Information Security
1 of 7
Download to read offline
1
2
Most read
3
Most read
4
5
6
7
Threat Asset Attack Risk Vulnerability Osama ellahi significantbyte.com
Threat Threat is a potential cause of an incident that may result in loss or physical damage to the computer systems. OR A threat is what we’re trying to protect against. OR Anything that can exploit a vulnerability, intentionally or accidentally, and obtain, damage, or destroy an asset. Natural Threats such as floods, hurricanes, or tornadoes Unintentional threats like an employee mistakenly accessing the wrong information Intentional threats such as spyware, malware, adware companies, or the actions of a disgruntled employee 2
Asset People People may include employees and customers along with other invited persons such as contractors or guests Property Property assets consist of both tangible and intangible items that can be assigned a value. Intangible assets include reputation and proprietary information. It may include databases, software code, critical company records, and many other intangible items. 1 2 3 Asset is what we are trying to protect. 3
Attack Act or action that exploits vulnerability (i.e., an identified weakness) in controlled system OR Accomplished by threat agent which damages or steals organization’s information Active attacks attempts to alter system resources or effect their operations Passive attacks attempts to learn or make use of information from the system but does not affect system resources 4
Vulnerability Bugs 5 Weak credentials Unpatched software Weaknesses or gaps in a security program that can be exploited by threats to gain unauthorized access to an asset. OR A vulnerability is a weakness or gap in our protection efforts. Reasons of vulnerability  Malicious InsiderMissing data encryption. Phishing, Web & Ransomware
Risk The potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability. OR Risk is the intersection of assets, threats, and vulnerabilities. 6 New incident has potential to harm a system Known weakness of an asset that hackers could exploit The potential of loss or damage when a threat exploit a vulnerability
References 1. http://significantbyte.com/posts/106 2. https://www.threatanalysis.com/2010/05/03/threat-vulnerability-risk- commonly-mixed-up- terms/#:~:text=A%20threat%20is%20what%20we,unauthorized%20access %20to%20an%20asset.&text=Risk%20%E2%80%93%20The%20potential% 20for%20loss,a%20threat%20exploiting%20a%20vulnerability. 3. https://securityboulevard.com/2020/05/the-9-types-of-security- vulnerabilities/ 4. https://www.bmc.com/blogs/security-vulnerability-vs-threat-vs-risk-whats- difference/ 5. https://www.logixconsulting.com/2020/01/17/cyber-threat-vs-vulnerability- vs-risk/ 6. https://www.threatanalysis.com/2010/05/03/threat-vulnerability-risk- commonly-mixed-up- terms/#:~:text=Risk%20is%20the%20intersection%20of%20assets%2C%20 threats%2C%20and%20vulnerabilities.&text=You%20see%2C%20when%20 conducting%20a,%2B%20Threat%20%2B%20Vulnerability%20%3D%20Ris k. 7. https://www.techopedia.com/definition/6060/attack 8. https://www.geeksforgeeks.org/active-and-passive-attacks-in-information- security/ 9. https://blog.logsign.com/what-are-the-types-of-cyber-security- vulnerabilities/ 7

More Related Content

PPS
Physical security.ppt
Faheem Ul Hasan
 
PPTX
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
PPT
Indian perspective of cyber security
Aurobindo Nayak
 
PPTX
Physical Security Assessment
Faheem Ul Hasan
 
PPTX
Chapter 11: Information Security Incident Management
Nada G.Youssef
 
PDF
Ceh v5 module 10 session hijacking
Vi Tính Hoàng Nam
 
PDF
ISO 27001
n|u - The Open Security Community
 
PDF
Types of Threat Actors and Attack Vectors
LearningwithRayYT
 
Physical security.ppt
Faheem Ul Hasan
 
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
Indian perspective of cyber security
Aurobindo Nayak
 
Physical Security Assessment
Faheem Ul Hasan
 
Chapter 11: Information Security Incident Management
Nada G.Youssef
 
Ceh v5 module 10 session hijacking
Vi Tính Hoàng Nam
 
ISO 27001
n|u - The Open Security Community
 
Types of Threat Actors and Attack Vectors
LearningwithRayYT
 

What's hot (20)

PDF
Malware and security
Gurbakash Phonsa
 
PDF
Threat hunting 101 by Sandeep Singh
OWASP Delhi
 
PDF
Maturity Model of Security Disciplines
Florian Roth
 
PDF
Overview of the Cyber Kill Chain [TM]
David Sweigert
 
PPTX
What is Threat Hunting? - Panda Security
Panda Security
 
PPT
Basics of Information System Security
chauhankapil
 
PPTX
kill-chain-presentation-v3
Shawn Croswell
 
PDF
Building Security Operation Center
S.E. CTS CERT-GOV-MD
 
PDF
Security Awareness Training
Daniel P Wallace
 
PPTX
Cybersecurity
ANGIEPAEZ304
 
PDF
Cyber Security
Ncell
 
PPTX
Xss attack
Manjushree Mashal
 
PPT
Asset, Vulnerability, Threat, Risk & Control
Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
PPTX
Physical security
Tariq Mahmood
 
PPSX
8 Access Control
Alfred Ouyang
 
PDF
Cybersecurity 101 - Auditing Cyber Security
Eryk Budi Pratama
 
PPTX
Web application security
Kapil Sharma
 
PPTX
Operational Security
Splunk
 
PPTX
Cyber Threat Intelligence
Prachi Mishra
 
PPTX
Introduction to SOC
Boni Yeamin
 
Malware and security
Gurbakash Phonsa
 
Threat hunting 101 by Sandeep Singh
OWASP Delhi
 
Maturity Model of Security Disciplines
Florian Roth
 
Overview of the Cyber Kill Chain [TM]
David Sweigert
 
What is Threat Hunting? - Panda Security
Panda Security
 
Basics of Information System Security
chauhankapil
 
kill-chain-presentation-v3
Shawn Croswell
 
Building Security Operation Center
S.E. CTS CERT-GOV-MD
 
Security Awareness Training
Daniel P Wallace
 
Cybersecurity
ANGIEPAEZ304
 
Cyber Security
Ncell
 
Xss attack
Manjushree Mashal
 
Asset, Vulnerability, Threat, Risk & Control
Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
Physical security
Tariq Mahmood
 
8 Access Control
Alfred Ouyang
 
Cybersecurity 101 - Auditing Cyber Security
Eryk Budi Pratama
 
Web application security
Kapil Sharma
 
Operational Security
Splunk
 
Cyber Threat Intelligence
Prachi Mishra
 
Introduction to SOC
Boni Yeamin
 
Ad

Similar to Threat vs risk vs attack vs Asset vs vulnerability (20)

PPTX
lect 5.pptx74564565444674345-753467545674
t2767514
 
PDF
BCS ITNow 201406 - The Risk Business
Gareth Niblett
 
PDF
Justifying IT Security: Managing Risk
judythornell
 
PDF
Understanding the Difference Between a Vulnerability, Threat, and Risk in Cyb...
SafeAeon Inc.
 
PPSX
Asset, Threat, Vulnerability, Risk
Vinay Attry
 
PPTX
PPT0-Computer Security Concepts.pptx
PiBits
 
PPT
Rm
ansulag19
 
PPTX
Cyber Security # Lec 3
Kabul Education University
 
PPT
Lecture1 intro to cs
Doneisha McKenzie
 
ODP
Network Security Topic 1 intro
Khawar Nehal [email protected]
 
PPTX
3-UnitV_security.pptx
SubhadipDutta36
 
PPTX
Information security FundameFundamentals.pptx
atuexaminations
 
PDF
Ch07 Managing Risk
phanleson
 
PDF
Chapter 4 vulnerability threat and attack
newbie2019
 
PPT
Information security introduction
Prachi Gulihar
 
PPT
Chapter 1 overview
dr_edw777
 
PPTX
Iso27001 Risk Assessment Approach
tschraider
 
PPTX
MIS: Information Security Management
Jonathan Coleman
 
PDF
Risk Assessments
JoAnna Cheshire
 
DOCX
CHAPTER2Managing Risk Threats, Vulnerabilities, and Exploit.docx
tiffanyd4
 
lect 5.pptx74564565444674345-753467545674
t2767514
 
BCS ITNow 201406 - The Risk Business
Gareth Niblett
 
Justifying IT Security: Managing Risk
judythornell
 
Understanding the Difference Between a Vulnerability, Threat, and Risk in Cyb...
SafeAeon Inc.
 
Asset, Threat, Vulnerability, Risk
Vinay Attry
 
PPT0-Computer Security Concepts.pptx
PiBits
 
Rm
ansulag19
 
Cyber Security # Lec 3
Kabul Education University
 
Lecture1 intro to cs
Doneisha McKenzie
 
Network Security Topic 1 intro
Khawar Nehal [email protected]
 
3-UnitV_security.pptx
SubhadipDutta36
 
Information security FundameFundamentals.pptx
atuexaminations
 
Ch07 Managing Risk
phanleson
 
Chapter 4 vulnerability threat and attack
newbie2019
 
Information security introduction
Prachi Gulihar
 
Chapter 1 overview
dr_edw777
 
Iso27001 Risk Assessment Approach
tschraider
 
MIS: Information Security Management
Jonathan Coleman
 
Risk Assessments
JoAnna Cheshire
 
CHAPTER2Managing Risk Threats, Vulnerabilities, and Exploit.docx
tiffanyd4
 
Ad

Recently uploaded (20)

PDF
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
PDF
Consumable AI The What, Why & How for Small Teams.pdf
Vivek Sai
 
PDF
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
PDF
UiPath Agentic Automation session 1: RPA to Agents
suhanisingh58689
 
PDF
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
PDF
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 
PDF
Produktkatalog für HOBO Datenlogger, Wetterstationen, Sensoren, Software und ...
Metrics GmbH
 
PPTX
Modernising the Digital Integration Hub
Daniel Toomey
 
PPT
What is a Computer? Input Devices /output devices
GulJan8
 
PPTX
AI IN MARKETING- PRESENTED BY ANWAR KABIR 1st June 2025.pptx
HiraJay1
 
PDF
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
PDF
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
PDF
Two-dimensional Klein-Gordon and Sine-Gordon numerical solutions based on dee...
IAESIJAI
 
PPT
Module 1.ppt Iot fundamentals and Architecture
nanditha7766
 
PDF
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
PPTX
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
PDF
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
PDF
The influence of sentiment analysis in enhancing early warning system model f...
IAESIJAI
 
PDF
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
Consumable AI The What, Why & How for Small Teams.pdf
Vivek Sai
 
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
UiPath Agentic Automation session 1: RPA to Agents
suhanisingh58689
 
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 
Produktkatalog für HOBO Datenlogger, Wetterstationen, Sensoren, Software und ...
Metrics GmbH
 
Modernising the Digital Integration Hub
Daniel Toomey
 
What is a Computer? Input Devices /output devices
GulJan8
 
AI IN MARKETING- PRESENTED BY ANWAR KABIR 1st June 2025.pptx
HiraJay1
 
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
Two-dimensional Klein-Gordon and Sine-Gordon numerical solutions based on dee...
IAESIJAI
 
Module 1.ppt Iot fundamentals and Architecture
nanditha7766
 
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
The influence of sentiment analysis in enhancing early warning system model f...
IAESIJAI
 
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 

Threat vs risk vs attack vs Asset vs vulnerability

  • 2. Threat Threat is a potential cause of an incident that may result in loss or physical damage to the computer systems. OR A threat is what we’re trying to protect against. OR Anything that can exploit a vulnerability, intentionally or accidentally, and obtain, damage, or destroy an asset. Natural Threats such as floods, hurricanes, or tornadoes Unintentional threats like an employee mistakenly accessing the wrong information Intentional threats such as spyware, malware, adware companies, or the actions of a disgruntled employee 2
  • 3. Asset People People may include employees and customers along with other invited persons such as contractors or guests Property Property assets consist of both tangible and intangible items that can be assigned a value. Intangible assets include reputation and proprietary information. It may include databases, software code, critical company records, and many other intangible items. 1 2 3 Asset is what we are trying to protect. 3
  • 4. Attack Act or action that exploits vulnerability (i.e., an identified weakness) in controlled system OR Accomplished by threat agent which damages or steals organization’s information Active attacks attempts to alter system resources or effect their operations Passive attacks attempts to learn or make use of information from the system but does not affect system resources 4
  • 5. Vulnerability Bugs 5 Weak credentials Unpatched software Weaknesses or gaps in a security program that can be exploited by threats to gain unauthorized access to an asset. OR A vulnerability is a weakness or gap in our protection efforts. Reasons of vulnerability  Malicious InsiderMissing data encryption. Phishing, Web & Ransomware
  • 6. Risk The potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability. OR Risk is the intersection of assets, threats, and vulnerabilities. 6 New incident has potential to harm a system Known weakness of an asset that hackers could exploit The potential of loss or damage when a threat exploit a vulnerability
  • 7. References 1. http://significantbyte.com/posts/106 2. https://www.threatanalysis.com/2010/05/03/threat-vulnerability-risk- commonly-mixed-up- terms/#:~:text=A%20threat%20is%20what%20we,unauthorized%20access %20to%20an%20asset.&text=Risk%20%E2%80%93%20The%20potential% 20for%20loss,a%20threat%20exploiting%20a%20vulnerability. 3. https://securityboulevard.com/2020/05/the-9-types-of-security- vulnerabilities/ 4. https://www.bmc.com/blogs/security-vulnerability-vs-threat-vs-risk-whats- difference/ 5. https://www.logixconsulting.com/2020/01/17/cyber-threat-vs-vulnerability- vs-risk/ 6. https://www.threatanalysis.com/2010/05/03/threat-vulnerability-risk- commonly-mixed-up- terms/#:~:text=Risk%20is%20the%20intersection%20of%20assets%2C%20 threats%2C%20and%20vulnerabilities.&text=You%20see%2C%20when%20 conducting%20a,%2B%20Threat%20%2B%20Vulnerability%20%3D%20Ris k. 7. https://www.techopedia.com/definition/6060/attack 8. https://www.geeksforgeeks.org/active-and-passive-attacks-in-information- security/ 9. https://blog.logsign.com/what-are-the-types-of-cyber-security- vulnerabilities/ 7