top button

What is the difference between a threat, vulnerability, and a risk?

0 votes
posted Jun 28, 2017 by anonymous

Share this question
Facebook Share Button Twitter Share Button Google+ Share Button LinkedIn Share Button Multiple Social Share Button

1 Answer

0 votes

The Threat, Vulnerability, and Risk these terms are interrelated but not the same.

Threat : A cyber threat is a malicious act that seeks to steal or damage data or discompose the digital network or system. Threats can also be defined as the possibility of a successful cyber attack to get access to the sensitive data of a system unethically. Examples of threats include computer viruses, Denial of Service (DoS) attacks, data breaches, and even sometimes dishonest employees.

Vulnerability : In cybersecurity, a vulnerability is a flaw in a system’s design, security procedures, internal controls, etc., that can be exploited by cybercriminals. In some very rare cases, cyber vulnerabilities are created as a result of cyberattacks, not because of network misconfigurations. Even it can be caused if any employee anyhow downloads a virus or a social engineering attack.

Risk : Cyber risk is a potential consequence of the loss or damage of assets or data caused by a cyber threat. Risk can never be completely removed, but it can be managed to a level that satisfies an organization’s tolerance for risk. So, our target is not to have a risk-free system, but to keep the risk as low as possible.
Cyber risks can be defined with this simple formula, Risk = Threat + Vulnerability

answer Mar 21, 2022 by Akash Deshbhratar