Risk terminology: Understanding assets, threats and vulnerabilities

risk (noun): the possibility of something bad happening

Definition of risk: Information security risk is associated with the potential that threats will exploit vulnerabilities of an information asset or group of information assets and thereby cause harm to an organization.

  • Asset: A component or item of an IT infrastructure that is valuable to an organisation.
  • Threat: Any circumstance that could cause loss of or damage to an asset.
  • Vulnerability: A weakness in the IT infrastructure or its components that may be exploited by a threat to destroy, damage or compromise an asset.


Understanding your organisation's vulnerabilities is the first step to managing risk.

Once organisations have established their vulnerable areas, they should then prioritise which IT assets and components need protection. By mitigating vulnerabilities, businesses can minimise the likelihood of potential risks.

It is worth considering the above factors before embarking on a risk assessment.

If you want to save time, money and hassle, and keep up to date with the latest laws and compliance regulations, then invest in an information security risk assessment tool that will ease the burden for you.

vsRisk™ provides users with a reliable, robust and consistent risk assessment that meets ISO 27001 requirements. To get a free one-to-one demonstration, please click here: http://www.vigilantsoftware.co.uk/t-free-demo.aspx

Source: http://www.informit.com/articles/article.aspx?p=426764#

 
