Saturday, March 29, 2014

Threats Vs Vulnerabilities

Week 3

Someone recently asked me what the difference was between a threat and a vulnerability.  That is honestly a good question.  The person asking mentioned that they thought the two were one and the same.  I asked for their rationale, but did not get a good explanation as to why they felt that way.  These two topics are not one and the same, but they should be discussed together when looking at the security of your business.

In all my studies, I found one definition that I really enjoyed for the word threat.  Michael Whitman and Herbert Mattord define a threat as "a category of objects, persons, or other entities that represents a constant danger to an asset" (Whitman & Mattord, 2010).  What this means is that a threat is an actual thing that could cause danger to something that you own.  Take, for example, your house.  Take that definition and determine a threat to your house now.  One of the biggest threats to your house is a natural disaster such as a tornado or flood.  Because this represents a constant danger to your house, it is considered a threat.  Need another example?  Let's use a technology example this time: your computer.  One of the biggest threats to your computer is a hacker.  They are people who love to spend their time trying to access your computer.

When it comes to vulnerabilities, I really haven't found a definition that I absolutely love.  There are so many out there because the term encompasses several topics, not just technology.  One of the best ones I have found that can be tweaked to help define vulnerability generally is from TechRepublic writer Chad Perrin.  A vulnerability is a flaw in a resource that will eventually allow an attack or damage to occur to that resource (Perrin, 2009).  Let us look at the example of the house from the previous paragraph.  A vulnerability of a house could be that it was built with cheaper wood than other houses.  That wood could eventually break more easily during a storm, thus causing the house to collapse.  The cheaper wood is the vulnerability.  When it comes to your computer, there are many types of vulnerabilities, but one of the biggest that a hacker finds often is that a user will use a weak password.  Having a password that is weak enough to let a hacker in is considered a computer vulnerability.

You have to realize that threats and vulnerabilities are everywhere, but they are also not one and the same.  Threats are the entities that can do the damage, while vulnerabilities are the flaws that help the damage occur.  When looking at your own threats and vulnerabilities, keep that in mind.  Hopefully, if you have had any questions about these two, this blog has helped you understand them a bit better.


References:

Perrin, C. (2009). Understanding risk, threat and vulnerability. Retrieved March 29, 2014, from http://www.techrepublic.com/blog/it-security/understanding-risk-threat-and-vulnerability/

Whitman, M., & Mattord, H. (2010). Management of Information Security. Boston, MA: Course Technology, Cengage Learning.
