Simply put, assets are what your company is trying to protect.Assets are what your company is trying to protect.Click To Tweet
Assets are your company’s property, people, and information.
Your company property consists of both tangible and intangible items. These are generally assigned a value. Anything such as devices, vehicles, and even land can be company assets.
Intangible assets include reputation and proprietary information.
and many other intangible items.
Vulnerabilities are weaknesses or gaps in the company’s security systems that can be exploited by a threat.Vulnerabilities are weaknesses or gaps in your protection efforts.Click To Tweet
Vulnerabilities can be found in your software, hardware, or even employee training.
Training employees in effective security can go a long way in keeping your company safe. These ongoing trainings can include the dangers of:
And so many more potential dangers. Treating your employees as helpful people will help them be proactive in preventing a cyberattack.
Hardware vulnerabilities can be found in:
Vulnerabilities when it comes to software might come in the form of:
Threats are anything that can exploit a vulnerability. This can be done intentionally or accidentally, and is meant to obtain, damage, or destroy an asset.A threat is what you will be trying to protect against.Click To Tweet
Threats can be practically anything, but the most common ones you’ll fall victim to include:
and to a much lesser degree:
Risk is the potential for loss, damage, or destruction of an asset due to a threat exploiting a vulnerability.Risks are the intersection between assets, threats, and vulnerabilities.Click To Tweet
Risk is the most complex to understand since it is a constantly moving and evolving factor. However, this also makes it the term that is most critical in today’s exercise.
The reason why these distinctions are important is that once you understand how the three terms are related, you can understand how best to protect your company.
For example, if there are no vulnerabilities in your system, there could be any number of potential threats in the environment but there would be no risk to your assets, since there are no vulnerabilities for those threats to exploit.
On the other hand, if you have significant vulnerabilities in your security system, the greater the number of threats in the environment, the greater risk to your company assets.
Due to this relationship between vulnerabilities, threats, and risk, the lower the vulnerabilities, the safer you’ll be regardless of potential threat actors in the environment.
Hopefully, I’ve convinced you on the nuances of assets and vulnerabilities vs threats vs risks.
In the hopes of better educating ourselves on the THREATS factor, be sure you sign up for my threat intelligence website for small and medium businesses.
If you found this post helpful, please be sure to share it with your peers. Online security benefits us all and will only become more critical as technology’s presence grows in our community.
Get informed. Stay safe.