Professional Documents
Culture Documents
Differentiate Between Assets and Threats Giving Your Own Examples
Differentiate Between Assets and Threats Giving Your Own Examples
Differentiate Between Assets and Threats Giving Your Own Examples
OWN EXAMPLES
A threat is any incident that could negatively affect an asset – for example, if it's
potential for a threat agent to exploit a vulnerability. A risk is the potential for loss
In almost any context, an asset is a positive thing, and it often has worth. Money is
an asset, for example. When you list assets and liabilities, assets are all things that
have value.
In broad terms, an asset can be people, property, or information. For web security
purposes, we’re referring to your website here. But it can also include your online
protect against.
Let’s use the example of home ownership to illustrate these. Your home would be
your asset. A threat would be a burglar, or even the tools that a burglar might use,
like a lock pick. These potential threats can do damage to your home if not
protected against.
Online, let’s look at your website as the asset. A security threat to your website
would be a hacker, and potentially the tools that a hacker would use, for example a
piece of malicious code, like malware, that can be installed on a site. That code can
infiltrate your site and install viruses or bring down your website in an attack.
TYPES OF THREATS
A natural threat is one that is outside of your control and unpredictable; they’re
often natural disasters and hazards such as tornadoes, floods, hurricanes, forest
An unintentional threat is an act that puts your information security at risk, but it
was not done maliciously. These types of threats can often be attributed to human
error.
An intentional threat is one that compromises your information system and is done
The best way to be prepared for intentional cyber threats is to be aware of them.
Keeping up to date on cyberattacks and data breaches, and how cyber criminals or
The only way a threat can do damage to your asset is if you have an unchecked
electricity. If there is no battery backup, the burglar could take down the power and
then have free unauthorized access to the home. Or another vulnerability could be
By that same token, your website could have vulnerabilities that hackers could take
advantage of. Old code or plugins that aren’t updated or maintained can be as
dangerous as leaving a door unlocked in a house. If you aren’t updating your site
regularly, you could be leaving vulnerabilities wide open for hackers to walk right
through.
Common Vulnerabilities and Management
As noted above, old code or plugins are often used by threat actors. It’s important
to update your operating system and applications regularly to ensure any unpatched
ensure that all data is encrypted and there are no software misconfigurations or
bugs.
that your team runs vulnerability assessments and scans regularly. In addition, you
should ensure your cybersecurity policy is up to standards (ISO 27001), you have a
Understanding these separate concepts help you understand how safe your website
really is.
Threats, like hackers, may exist. But if you have no vulnerabilities, then your risk
is very low.
You may have vulnerabilities on your site, but if threats don’t exist, then you still
have little risk (this is not really an option, however, as hackers are very prevalent
online).
B. WRITE SHORT NOTES ON VULNERABILITY AND THREAT
Vulnerability
unlocked in a public parking lot. Leaving the doors unlocked does not necessarily
mean harm will occur, but it is an opening for someone to go through your car. Our
office looks for vulnerabilities in WashU systems to catch them before bad actors
Threat
Identifying threats is akin to answering the question, “Who or what could cause
harm?” In a broad sense, a threat is anything that could exploit a vulnerability and
example, the owner of the car did not lock their door, so a carjacker could exploit