What are Threats

One of the steps in your risk assessment is to identify and document the threats to your assets. I want to explain the difference between a threat and a risk. This room that I’m in right now has risk because there are doors, there are windows, there is a dropdown ceiling, there’s electricity, there are people in here. All of those things inherently have risk. Threats would be the things that could exploit those risks and actually provide harm. So, a threat could walk through the door or come through the window. A threat could come in the form of an electrical malfunction or a person deciding to do something malicious. So those are the threats that you’re identifying. A lot of times people will blur the lines on those two things. So, when you’re documenting your threats, you want to think about what the actual things are that could be a threat here. You might evaluate your environment, and the things that are relevant to you and your business. It's going to be different. Your threats might be different from a different business down the street because they have different people, they have different technologies, they have a different location. So those things have to be taken into account in order to come up with an accurate and thorough list of threats. 

Related Videos