Daniel Messiler has an interesting essay about threats, vulnerabilities, and risks that is worth a quick read.
He summarizes this way:
- A Threat is a negative scenario you want to avoid
- A Threat Actor is the agent that makes a Threat happen
- A Vulnerability is a weakness that can be exploited in order to attack you
- A Risk is a negative scenario you want to avoid, combined with its probability and its impact
- The difference between a Threat and a Risk is that a Threat is a negative event by itself, where a Risk is the negative event combined with its probability and its impact
Like this blog? You'll like my books also! Buy them at any online book retailer!
