Threat Vs Vulnerability Vs Risk (In layman story)

-
 In Simple language  : we forgot take out the key from the Car  in public area is an Vulnerability and the  Threat here is where we put the car & key, is it in City area or in a Village ! ?, that is, how  much probability on potential to the vulnerability.  and finally , the Asset value is what kind car we using Ford or Ferrari  :).

The term “vulnerability” refers to the security flaws (Weakness ) in a system that allow an attack to be successful. Threat is the frequency or probability of potentially adverse events.

 Risk = Threat * Vulnerability * Asset Value 

Come to Tech Scenario :Think we left server / laptop unlocked in home or office a vulnerability assessment is the process of identifying and quantifying vulnerabilities in an environment.

It is an in-depth evaluation of your posture, indicating weaknesses as well as providing the appropriate mitigation procedures required to either eliminate those weaknesses or reduce them to an acceptable level of risk. On the other hand, a pen test simulates the actions of an external and/or internal attacker that aims to breach the security of the organization. Using many tools and techniques, the penetration tester attempts to exploit critical systems and gain access to sensitive data. Depending on the scope, a pen test can expand beyond the network to include social engineering attacks or physical security tests. (White Box, Gray Box, Black Box) (Back Track 5 - OS) 

Comments

Post a Comment

Popular posts from this blog

‘Lazy’ in pet name called comfort!!

-
Image
Don’t be lazy to set minimum level of required security! Information Technology era shrinks the global economy into small virtual village with good and bad, as always two side of one coin, yes as usual olds were foresighted. Internet, Cloud and Big data are now great enabler for business and life. But some where we should keep the limit as it’s shouldn’t peak nose into our privacy and healthy life!!!  Each new technology brings human to more comfort than had and its make humans lazier and weaker. Anyway here I’m not focusing on life style and health impacts. As I’m fan of Wills Smith and his movie I, Robot, in the movie plot robot had the “three laws of robotics”   directives - to never harm a human or let a human come to harm, to always obey humans unless this violates the First Law, and to protect its own existence unless this violates the First or Second Laws. The reason I mentioned here human is important than any other. But our views are changing, Yes, we al...
Read more

Security Incident Hand-off

-
Image
"Organization QWERTY Data loss for 10,000 record and its share value may drop " Rumor inside. I personally prefer to do  "Security  Hand-Off process"  while identifying the security incident based on the nature and directly impact the reputation or share values should be handled by experts from cyber security incident management ( like IBM CERT and ERS) and organization's CISO to lead the situation. Its mandate to have participation from customer side to validate the impact and its take necessary actions. Of course, among IT and Incident management peoples should have proper education on Cyber security and how to handle such substations and avoid rumor's. Which help organization to contain the situation to controlled manner to take right action. Then general incident team make such issues as noise and spread unhealthy news across and lead to dis agreed messages to outsides. and even some best practices in general Incident management practice need ...
Read more

Bypassing Security Control for VIPs !

-
Image
Risk Vs Threat Vs Vulnerability  Its connected to previous posts and thoughts... On many Organizations to satisfy the personalities seems bypassing Security controls for VIPs where i refer those VIP are high value assets and crown jewel of organizations.  Controls we are deploying should be process oriented not personal oriented. Agree IT is to support Business, Of-course. But in this new era many business undoubtedly connected to NET and its should protected.  Referring to RISK equation as below;  Risk = Threat * Vulnerability * Asset Value  In Simple language : forgot the Car key in side the Car is an Vulnerability, threat here is where we put the car & key, in City or Village, ie how potential on vulnerability. Asset value is what kind car we using Maruti or Ferrari :) . The term “vulnerability” refers to the security flaws (Weakness ) in a system that allow an attack to be successful. Threat is the frequency of potentially a...
Read more