Understanding risk, threat, and vulnerability

IT security, like any other technical field, has its own specialized language developed to make it easier for experts to discuss the subject. It pays to understand this jargon when researching security.

A lot of security terms get used almost interchangeably in the popular tech press, even when they shouldn’t. Different security jargon terms have distinct meanings, to be used in specific ways, for a reason. For example, a “risk assessment” and a “threat assessment” are two entirely different things, and each is valuable for its own reasons and applicable to solving different problems. The three security terms “risk”, “threat”, and “vulnerability” will be defined and differentiated here:

Risk

The term “risk” refers to the likelihood of being targeted by a given attack, of an attack being successful, and general exposure to a given threat. A risk assessment is performed to determine the most important potential security breaches to address now, rather than later. One enumerates the most critical and most likely dangers, and evaluates their levels of risk relative to each other as a function of the interaction between the cost of a breach and the probability of that breach.

Analyzing risk can help one determine appropriate security budgeting - for both time and money - and prioritize security policy implementations so that the most immediate challenges can be resolved most quickly.

Threat

The term “threat” refers to the source and means of a particular type of attack.