Threat | Vulnerability | Threat Agent | Risk | Asset | Exposure Factor

Security Definitions

Asset: Asset can be any information, S/W, H/W, Critical equipment, financial success, etc.

Vulnerability: Vulnerability is any H/W, S/W, or procedural weakness that may give an attacker the open door for unauthorized access to resources. [Weakness in system | Inside body]

Threat: The threat is any potential danger to the system or information. [How Threat agent exploit the vulnerability]

Threats can be

- Natural Threats: Natural disasters like Floods, Earthquakes, Volcanos
- Human: Man-Made & Socio-Political - Strikes, Terrorist attacks
- Environmental: Supply systems - Power failure

Threat Agent: The entity that takes advantage of a vulnerability.
Threat agent can be a malicious entity or an actor or a person, responsible for a malicious event or incident to occur that impacts the safety or security of the another entity or a system, etc

Risk: Risk is a likelihood of a threat agent taking advantage of weakness or vulnerability and the resulting business impact. [Risk is what happens after threat]

Exposure: Exposure is an instance of being exposed to losses from a threat agent.

Countermeasure or safeguard: Is to mitigate the potential risk.

Example

The roof is not very strong | A strong wind/rain can make rooftop to go & damage the property | If water gets in house 50% of the material can damage.

Asset: House & Material in house 

Threat Agent:  Strong wind & Heavy Rainfall

Vulnerability: Weak Roof 

Threat: Strong wind might blow off the roof 

Risk: Damage to material in the house

Exposure Factor: 50% of material which is not covered properly

Countermeasure: Roof enforcement, strong roof construction.