What is the difference between threats and vulnerabilities
The risk to your business would be the loss of information or a disruption in business as a result of not addressing your vulnerabilities. Accurately understanding the definitions of these security components will help you to be more effective in designing a framework to identify potential threats and to uncover and address your vulnerabilities in order to mitigate risk.
May 13, 5 minute read.
In order to have a strong handle on data security issues that may potentially impact your business, it is imperative to understand the relationships of three components: threat, vulnerability, and risk. Though these technical terms are used interchangeably, they are distinct terms with different meanings and implications.
While it might be unreasonable to expect those outside the security industry to understand the differences, more often than not, many in the business use these terms incorrectly or interchangeably. Maybe some definitions from Strategic Security Management might help… Asset — People, property, and information. People may include employees and customers along with other invited persons such as contractors or guests.
Property assets consist of both tangible and intangible items that can be assigned a value. The process of discovering, reporting and fixing vulnerabilities is called vulnerability management. A vulnerability for which a fix is not yet available is called a zero-day vulnerability.
Risk is a combination of the threat probability and the impact of a vulnerability. In other words, risk is the probability of a threat agent successfully exploiting a vulnerability, which can also be defined by the following formula:. Identifying all potential risks, analyzing their impact and evaluating the appropriate response is called risk management.
It is a never-ending process, which constantly evaluates newly found threats and vulnerabilities.
Risk, Threat, or Vulnerability? How to Tell the Difference
Jan 28, John Alexander.
Words matter, especially in cybersecurity
Like any other industry, cybersecurity has its own vernacular.