Differentiate Between Assets and Threats Giving Your Own Examples

DIFFERENTIATE BETWEEN ASSETS AND THREATS GIVING YOUR OWN EXAMPLES

A threat is any incident that could negatively affect an asset – for example, if it's lost, knocked offline or accessed by an unauthorised party. Threats can be categorised as circumstances that compromise the confidentiality, integrity or availability of an asset, and can either be intentional or accidental.

WHAT IS THE DIFFERENCE BETWEEN THREAT AND RISK?

A vulnerability is a flaw or weakness in an asset's design, implementation, or operation and management that could be exploited by a threat. A threat is a potential for a threat agent to exploit a vulnerability. A risk is the potential for loss when the threat happens.

ASSET: WHAT YOU ARE PROTECTING

In almost any context, an asset is a positive thing, and it often has worth. Money is an asset, for example. When you list assets and liabilities, assets are all things that have value.

In broad terms, an asset can be people, property, or information. For web security purposes, we’re referring to your website here. But it can also include your online reputation or sensitive data such as customer information or financial records.

Any sensitive information that needs to be protected is an asset.

Threat: Something that can damage or destroy an asset


If an asset is what you’re trying to protect, then a threat is what you’re trying to protect against.

Let’s use the example of home ownership to illustrate these. Your home would be your asset. A threat would be a burglar, or even the tools that a burglar might use, like a lock pick. These potential threats can do damage to your home if not protected against.

Online, let’s look at your website as the asset. A security threat to your website would be a hacker, and potentially the tools that a hacker would use, for example a piece of malicious code, like malware, that can be installed on a site. That code can infiltrate your site and install viruses or bring down your website in an attack.

TYPES OF THREATS

Threats can be natural, unintentional, or intentional:

A natural threat is one that is outside of your control and unpredictable; these are often natural disasters and hazards such as tornadoes, floods, hurricanes, forest fires, and more.

An unintentional threat is an act that puts your information security at risk, but it was not done maliciously. These types of threats can often be attributed to human error.

An intentional threat is one that compromises your information system and is done purposefully by threat actors.


HOW TO BE PREPARED

The best way to be prepared for intentional cyber threats is to be aware of them. Keeping up to date on cyberattacks and data breaches, and how cyber criminals or hackers are accomplishing them, is important. Some of the common threats include: DDoS (distributed denial-of-service), phishing, SQL injection, man-in-the-middle (MitM), and malware.

Vulnerability: A weakness or gap in your protection

The only way a threat can do damage to your asset is if you have an unchecked vulnerability that the threat can take advantage of.

In the house example, a vulnerability could be a security system that relies on electricity. If there is no battery backup, the burglar could take down the power and then have free unauthorized access to the home. Or another vulnerability could be something as simple as an unlocked window. Anything that a burglar could take advantage of is a security vulnerability.

By that same token, your website could have vulnerabilities that hackers could take advantage of. Old code or plugins that aren’t updated or maintained can be as dangerous as leaving a door unlocked in a house. If you aren’t updating your site regularly, you could be leaving vulnerabilities wide open for hackers to walk right through.

Common Vulnerabilities and Management

As noted above, old code or plugins are often exploited by threat actors. It’s important to update your operating system and applications regularly to ensure any unpatched security vulnerabilities are removed. In addition, your IT security teams should ensure that all data is encrypted and there are no software misconfigurations or bugs.

Proactive vulnerability management is essential for cybersecurity. It’s important that your team runs vulnerability assessments and scans regularly. In addition, you should ensure your cybersecurity policy is up to standards (ISO 27001), you have a contingency plan in place, and you maintain strict access control.

Risk: Where assets, threats, and vulnerabilities intersect

Risk itself is a function of threats taking advantage of vulnerabilities to steal or damage assets. In other words, Asset + Threat + Vulnerability = Risk.

Understanding these separate concepts helps you understand how safe your website really is.

Threats, like hackers, may exist. But if you have no vulnerabilities, then your risk is very low.

You may have vulnerabilities on your site, but if threats don’t exist, then you still have little risk (this is not really an option, however, as hackers are very prevalent online).
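
The intersection described above can be made concrete with a small risk register. This is an added example, not part of the original page; the class names, function names and sample entries are constructed for illustration from the house and website examples.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Threat:
    name: str
    kind: str              # "natural", "unintentional" or "intentional"
    exploits: frozenset    # weaknesses this threat can take advantage of

@dataclass(frozen=True)
class Vulnerability:
    asset: str
    weakness: str

def risk_register(assets, threats, vulns):
    """Return sorted (asset, threat, weakness) triples where all three meet."""
    rows = []
    for v in vulns:
        if v.asset not in assets:
            continue                      # nothing of value is exposed
        for t in threats:
            if v.weakness in t.exploits:  # the threat has a gap it can use
                rows.append((v.asset, t.name, v.weakness))
    return sorted(rows)

def idle_threats(assets, threats, vulns):
    """Threats that exist but currently have no vulnerability to exploit."""
    active = {name for _, name, _ in risk_register(assets, threats, vulns)}
    return sorted(t.name for t in threats if t.name not in active)

# Constructed sample data based on the page's house and website examples.
ASSETS = {"home", "website"}
THREATS = [
    Threat("burglar", "intentional",
           frozenset({"unlocked window", "alarm without battery backup"})),
    Threat("malware", "intentional", frozenset({"outdated plugin"})),
    Threat("flood", "natural", frozenset({"no off-site backup"})),
]
VULNS = [
    Vulnerability("home", "unlocked window"),
    Vulnerability("website", "outdated plugin"),
]
# Mitigation: updating the plugin removes that vulnerability.
PATCHED = [v for v in VULNS if v.weakness != "outdated plugin"]

if __name__ == "__main__":
    for row in risk_register(ASSETS, THREATS, VULNS):
        print("RISK:", row)
    print("after update:", risk_register(ASSETS, THREATS, PATCHED))
    print("idle threats:", idle_threats(ASSETS, THREATS, PATCHED))
```

After the plugin is updated, the malware threat still exists but no longer appears in the register, because it has no vulnerability left to exploit.
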

B. WRITE SHORT NOTES ON VULNERABILITY AND THREAT

Vulnerability

Identifying vulnerabilities is akin to answering the question, “How could harm occur?” Sometimes, a vulnerability can exist simply from an asset’s implementation or deployment. For example, a vulnerability is leaving your car unlocked in a public parking lot. Leaving the doors unlocked does not necessarily mean harm will occur, but it is an opening for someone to go through your car. Our office looks for vulnerabilities in WashU systems to catch them before bad actors can exploit them.

Threat

Identifying threats is akin to answering the question, “Who or what could cause harm?” In a broad sense, a threat is anything that could exploit a vulnerability and hinder the confidentiality, integrity, and availability of anything valuable. Threats can either be natural or human-made and accidental or deliberate. In our car example, the owner of the car did not lock their door, so a carjacker could exploit the opportunity. This means the threat is human-made and deliberate.
