Cybersecurity: Threats and Vulnerabilities

Understanding the foundation of risk management in cybersecurity

Threats

External factors that could cause harm to IT systems:

Key characteristic: Generally outside of our direct control

Vulnerabilities

Internal weaknesses in system design or implementation:

Key characteristic: Within organizational control

Risk Equation

Important: Risk only exists where threats and vulnerabilities intersect. No matching vulnerability = no risk. No matching threat = no risk.

Risk Management Options

Mitigate

Implement controls that reduce the vulnerability or the impact of the threat

Transfer

Shift responsibility to another party (e.g., insurance)

Avoid

Eliminate the risk by removing the vulnerability or avoiding the threat

Accept

Acknowledge and live with the risk when other options aren't feasible
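The risk equation and the four treatment options above can be made concrete with a small risk register. The following Python example is added here for illustration and is not part of the original page; the 1..5 likelihood and impact scales, the risk appetite threshold, the order in which options are tried, and all threats and vulnerabilities listed are constructed assumptions. It shows that a threat with no matching vulnerability (credential stuffing) and a vulnerability with no matching threat (the legacy printer) both produce no risk, and that treatment is chosen only for the pairs that do intersect.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    name: str
    exploits: str        # category of weakness this threat needs in order to cause harm
    likelihood: int      # 1 (rare) .. 5 (almost certain); assumed scale


@dataclass(frozen=True)
class Vulnerability:
    name: str
    weakness: str        # category of weakness this is
    impact: int          # 1 (negligible) .. 5 (severe) if exploited; assumed scale
    removable: bool = False   # can the weakness be eliminated outright? (enables "avoid")
    insurable: bool = False   # can the financial consequence be shifted? (enables "transfer")


@dataclass(frozen=True)
class Risk:
    threat: Threat
    vulnerability: Vulnerability

    @property
    def score(self) -> int:
        return self.threat.likelihood * self.vulnerability.impact


def find_risks(threats, vulnerabilities):
    """Risk exists only at the intersection: a threat paired with a vulnerability it can exploit.
    Unmatched threats and unmatched vulnerabilities contribute nothing."""
    return [Risk(t, v) for t in threats for v in vulnerabilities if t.exploits == v.weakness]


def mitigate(risk, likelihood_reduction=0, impact_reduction=0):
    """Model a control: return the residual risk after lowering likelihood and/or impact (floor of 1)."""
    t, v = risk.threat, risk.vulnerability
    new_t = Threat(t.name, t.exploits, max(1, t.likelihood - likelihood_reduction))
    new_v = Vulnerability(v.name, v.weakness, max(1, v.impact - impact_reduction),
                          v.removable, v.insurable)
    return Risk(new_t, new_v)


def treat(risk, appetite=6, control=(1, 1)):
    """Choose treatment steps for one risk. Policy (assumed): accept if within appetite,
    avoid if the weakness can simply be removed, otherwise mitigate, and transfer any
    residual that is still above appetite when insurance is available."""
    if risk.score <= appetite:
        return ["accept"], risk
    if risk.vulnerability.removable:
        return ["avoid"], None            # risk eliminated, nothing residual
    residual = mitigate(risk, *control)
    steps = ["mitigate"]
    if residual.score > appetite:
        steps.append("transfer" if risk.vulnerability.insurable else "accept")
    return steps, residual


# Constructed sample register (not real data).
THREATS = [
    Threat("phishing campaign", "untrained users", 4),
    Threat("ransomware via exposed service", "unpatched internet-facing server", 3),
    Threat("credential stuffing", "reused passwords", 4),   # no matching vulnerability -> no risk
]
VULNERABILITIES = [
    Vulnerability("no security awareness training", "untrained users", 3),
    Vulnerability("web server months behind on patches", "unpatched internet-facing server", 5,
                  insurable=True),
    Vulnerability("legacy printer with default credentials", "default credentials", 2,
                  removable=True),                          # no matching threat -> no risk
]


def build_register(threats=THREATS, vulnerabilities=VULNERABILITIES):
    """Return (risk, inherent score, treatment steps, residual score) for every real risk."""
    rows = []
    for risk in find_risks(threats, vulnerabilities):
        steps, residual = treat(risk)
        rows.append((risk, risk.score, steps, residual.score if residual else 0))
    return rows


if __name__ == "__main__":
    for risk, inherent, steps, residual in build_register():
        print(f"{risk.threat.name} x {risk.vulnerability.name}: "
              f"inherent={inherent} treatment={'+'.join(steps)} residual={residual}")
```

Running the block lists only the two intersecting pairs; the third threat and the third vulnerability never appear, which is exactly the "no matching vulnerability = no risk, no matching threat = no risk" rule stated above.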

Practical Example: Morning Commute

Vulnerabilities (Internal Factors)

Threats (External Factors)

Risk Mitigation Example

Waking up an hour earlier provides buffer time to handle potential issues that might arise during the commute.

Commute Example Risk Analysis