Difference between Vulnerability, Threat and Risk
All About Testing (https://allabouttesting.org), Sun, 11 Feb 2018
In this article, we look at the basic difference between risk, vulnerability, and threat, with examples for more clarity on each term. As a security professional, you should understand how the three relate, because they are often used interchangeably but mean different things.

What is Vulnerability?

A vulnerability is a weakness in an IT system, process, or organization that a threat could exploit; it is also called the weak link in the system. One example is a former employee whose accounts and credentials were never disabled after they left the organization: the orphaned account is a weakness whether or not anyone ever abuses it. The fix is a defined offboarding process that removes all accounts and permissions when an employee leaves, plus a periodic check that compares enabled accounts against the current staff list. Identifying vulnerabilities is the first step toward a secure IT system: find the weaknesses, understand them, mitigate the ones you can, and put proper controls and policies in place so that the same weaknesses are not reintroduced.

What is a Threat?

A threat is anything that could cause harm to the organization, whether by theft of sensitive data or by any other incident that damages its reputation or business; once the harm actually happens it is an incident rather than a threat. Threats fall into three main types: natural, unintentional, and intentional. Natural threats come from disasters such as floods, hurricanes, and earthquakes. Unintentional threats are incidents caused by mistakes of the organization's own employees, for example a misconfiguration. Intentional threats include spyware, adware, and other attacks carried out by attackers to damage the organization's reputation or for monetary gain; the WannaCry and Petya ransomware outbreaks of 2017 are recent examples of intentional threats.

Threats are generally outside the organization's control, although their likelihood and impact can be reduced by defining strict policies and following best practices.

What is Risk?

Risk is the potential loss to an organization when a threat agent exploits a vulnerability. Examples of risk include loss of reputation, loss of sensitive data, and monetary loss. Risk grows with both the threat and the vulnerability, and in its simplest form is expressed as the product of the two:

Risk = Threat X Vulnerability

A fuller form also multiplies by impact (the value of the affected asset), which is why the same missing patch is a bigger risk on a payment server than on a test machine. In either form, the risk can be reduced by following best practices for managing IT systems: a threat you cannot control still becomes a low risk if the vulnerability it needs is removed.
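The following is an added example, not code from the original post, that ties the two sections together: it runs the offboarding check described under vulnerability (former employees whose accounts still exist, accounts with no owner, accounts nobody has used) and then ranks each finding with the risk formula, using Threat x Vulnerability x Impact. The HR roster, the directory export, their column names, the report date and the 1-to-3 weights are all constructed assumptions for the sake of the example.

```python
"""Orphaned-account check with risk ranking (added example; all data is constructed)."""
import csv
import io
from datetime import date, datetime

# Assumption: the HR system exports one row per employee with a status column.
HR_ROSTER_CSV = """employee_id,name,status
E100,Alice,active
E101,Bob,terminated
E102,Carol,active
E103,Dave,terminated
"""

# Assumption: the directory export has these columns; booleans are "true"/"false".
DIRECTORY_CSV = """username,employee_id,enabled,privileged,last_login
alice,E100,true,false,2018-02-09
bob,E101,true,true,2018-01-30
carol,E102,true,false,2018-02-10
dave,E103,false,false,2017-12-01
svc_backup,,true,true,2017-06-01
"""

# Constructed report date: the day the check is run.
REPORT_DATE = date(2018, 2, 11)

# Threat weight per finding type (1 = low, 3 = high); illustrative choices, not a standard.
THREAT_BY_FINDING = {
    "former_employee": 3,  # a known person still holds valid credentials
    "no_owner": 2,         # nobody is accountable for the account
    "stale": 1,            # unused account, attractive for a quiet takeover
}


def _parse_bool(text):
    return text.strip().lower() == "true"


def load_roster(text):
    """Map employee_id -> HR status from the roster export."""
    return {row["employee_id"]: row["status"] for row in csv.DictReader(io.StringIO(text))}


def load_accounts(text):
    """Parse the directory export into dicts with typed fields."""
    accounts = []
    for row in csv.DictReader(io.StringIO(text)):
        accounts.append({
            "username": row["username"],
            "employee_id": row["employee_id"] or None,   # empty cell -> no owner
            "enabled": _parse_bool(row["enabled"]),
            "privileged": _parse_bool(row["privileged"]),
            "last_login": datetime.strptime(row["last_login"], "%Y-%m-%d").date(),
        })
    return accounts


def find_weak_accounts(roster, accounts, today, stale_days=90):
    """Return (account, finding) pairs. Each finding is a vulnerability: a weakness
    a threat could exploit. Only the most severe finding per account is reported."""
    findings = []
    for acct in accounts:
        eid = acct["employee_id"]
        if eid is not None and eid in roster and roster[eid] != "active":
            findings.append((acct, "former_employee"))
        elif eid is None or eid not in roster:
            findings.append((acct, "no_owner"))
        elif (today - acct["last_login"]).days > stale_days:
            findings.append((acct, "stale"))
    return findings


def risk_score(acct, finding):
    """Risk = Threat x Vulnerability x Impact.
    Vulnerability: an enabled account is directly usable (3); a disabled one can
    still be re-enabled, so it is not zero (1). Impact: privileged accounts
    give an attacker more (3) than ordinary ones (1)."""
    threat = THREAT_BY_FINDING[finding]
    vulnerability = 3 if acct["enabled"] else 1
    impact = 3 if acct["privileged"] else 1
    return threat * vulnerability * impact


def ranked_findings(roster_csv, accounts_csv, today, stale_days=90):
    """Return [(username, finding, score)] ordered from highest risk to lowest."""
    roster = load_roster(roster_csv)
    accounts = load_accounts(accounts_csv)
    rows = [(a["username"], f, risk_score(a, f))
            for a, f in find_weak_accounts(roster, accounts, today, stale_days)]
    return sorted(rows, key=lambda r: (-r[2], r[0]))


if __name__ == "__main__":
    for username, finding, score in ranked_findings(HR_ROSTER_CSV, DIRECTORY_CSV, REPORT_DATE):
        print(f"{score:3d}  {username:12s} {finding}")
```

On the constructed data the enabled, privileged account of the terminated employee ranks first (3 x 3 x 3 = 27), the ownerless service account second (2 x 3 x 3 = 18), and the disabled account of the other former employee last (3 x 1 x 1 = 3): the threat is the same for both former employees, but removing the vulnerability (disabling the account) is what drove the risk down, which is exactly the point of the formula.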

Conclusion

Regular vulnerability assessments and penetration testing by an external organization are one such measure to reduce risk in an organization's IT systems: they find vulnerabilities before a threat agent does, so they can be fixed while the risk is still only potential.
