Identification of Vulnerability & Threats
Identification of vulnerabilities and threats is one of the most important aspects of the CISSP training course.
A vulnerability is a weakness in a system or its design. Classifying vulnerabilities helps in identifying their impact on the system. A vulnerability greatly increases the risk to the organization’s assets.
- Design errors
- Software vulnerabilities
- Protocol weaknesses
- Hardware vulnerabilities
- Human factors
- Malicious software
- Physical access to network resources
A threat is the possibility of an attack. In other words, a threat is any potential danger to an asset. Correctly configuring countermeasures for vulnerabilities reduces the threats to a system.
The entity that exploits a vulnerability of the system is known as a malicious actor, and the path this entity uses to launch an attack is known as a threat vector.
Risk management determines how much uncertainty an organization can accept. A threat without any related vulnerability does not create any risk. Scoping the risk is the process of quantifying the possibility of a threat and its impact on an enterprise.
The process of risk identification occurs during a risk assessment.
Risk analysis is the process of assessing risks. It allows the security professional to identify and catalog different risks, and then build a specific plan and technique to deal with them.