Security basics: definitions of threat, attack, and vulnerability
3 Replies
Often the terms threat, attack, and vulnerability are interchanged and misused. Each is defined here.
Definition of threat: the expressed potential for the occurrence of a harmful event such as an attack.
Definition of attack: an action taken against a target with the intention of doing harm.
Definition of vulnerability: a weakness that makes targets susceptible to an attack.
Excerpt from CISSP Guide to Security Essentials, chapter 10
That’s an attack-biased set of definitions, typical of the anti-hacker mindset. What about security incidents caused passively, for example by accidents, errors and omissions? The sewage flood that shorts out the under-floor wiring in the computer suite? The backhoe that takes out all the fibre-optic cables entering the building? The dozy technician who casually pulls the wrong plug or enters the shutdown command on the wrong console by mistake?
I prefer the definitions from ISO/IEC 27000 (draft awaiting publication):
Attack: attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset [term also defined]
Threat: a potential cause of an unwanted incident, which may result in harm to a system or organization.
Vulnerability: weakness of an asset [defined] or control [defined] that can be exploited by a threat.
Gary, those are great definitions. Thanks for sharing.
How many differences are there between a threat and a threat agent?