Risk Management – Terminology

Basic Terminology

  • Threat: an intentional or accidental event that can compromise the security of an information system. Examples include hacking, phishing attacks, human error, and natural disasters.
  • Vulnerability: a software, hardware, or network weakness that cybercriminals can exploit to gain unauthorised access or compromise a system.
  • Asset: a valuable resource or component (tangible or intangible) that an organisation relies upon to achieve its objectives.
  • Risk: the probability of a threat source exploiting an existing vulnerability and resulting in adverse business effects.
  • Risk Management (RM): the process of identifying, assessing, and mitigating risk to maintain acceptable levels.

Threat

A threat is a potential harm or danger to an individual, organisation, or system. Threats can be classified into three main categories: human-made, technical, or natural.

Human-made threats: These threats are caused by human activities or interventions. Examples include:

  • Terrorism
  • Wars and conflicts
  • Riots and civil unrest
  • Cyberattacks
  • Industrial accidents
  • Arson

As can be seen, human-made threats are not limited to cyberattacks; arson, for example, requires no technical expertise yet is a grave threat. The realisation of any of these threats can disrupt the whole business: both a cyberattack and arson can prevent a company from functioning for a while.

Technical threats: These threats result from technological failures, malfunctions, or vulnerabilities. Examples include:

  • Power outages
  • Software and hardware failures
  • Data breaches
  • Network and system vulnerabilities
  • Equipment malfunctions

A power outage can halt an entire company without a backup power source. A failed power supply means the whole server is down unless another backup power supply is on standby. Any of these technical threats can prevent business processes from moving forward; therefore, considering each of these threats is a must in any risk analysis.

Natural threats: These are threats caused by natural events or phenomena. Examples include:

  • Earthquakes
  • Floods

Natural threats depend on the location of the company or data centre. Studying the natural hazards to which a particular area is exposed is necessary to ensure proper risk analysis.

Vulnerability

vulnerability is a weakness in the system or software that can be exploited by a threat to cause harm. To elaborate, it is a weakness that can be exploited by malicious individuals, groups, or external factors to gain unauthorized access, cause damage, or compromise the integrity, availability, or confidentiality of a system, data, or network. Vulnerabilities can arise from software bugs, misconfigurations, or outdated security.