What are Threats
Transcript
One of the steps in your risk assessment is to identify and document the threats to your assets. I want to explain the difference between a threat and a risk. This room that I’m in right now has risk because there are doors, there are windows, there is a dropdown ceiling, there’s electricity, there are people in here. All of those things inherently have risk. Threats would be the things that could exploit those risks and actually provide harm. So, a threat could walk through the door or come through the window. A threat could come in the form of an electrical malfunction or a person deciding to do something malicious. So those are the threats that you’re identifying. A lot of times people will blur the lines on those two things. So, when you’re documenting your threats, you want to think about what the actual things are that could be a threat here. You might evaluate your environment, and the things that are relevant to you and your business. It's going to be different. Your threats might be different from a different business down the street because they have different people, they have different technologies, they have a different location. So those things have to be taken into account in order to come up with an accurate and thorough list of threats.
One of the steps in your risk assessment is to identify and document the threats to your assets. I want to explain the difference between a threat and a risk. This room that I’m in right now has risk because there are doors, there are windows, there is a dropdown ceiling, there’s electricity, there are people in here. All of those things inherently have risk. Threats would be the things that could exploit those risks and actually provide harm. So, a threat could walk through the door or come through the window. A threat could come in the form of an electrical malfunction or a person deciding to do something malicious. So those are the threats that you’re identifying. A lot of times people will blur the lines on those two things. So, when you’re documenting your threats, you want to think about what the actual things are that could be a threat here. You might evaluate your environment, and the things that are relevant to you and your business. It's going to be different. Your threats might be different from a different business down the street because they have different people, they have different technologies, they have a different location. So those things have to be taken into account in order to come up with an accurate and thorough list of threats.
Related Videos
Cyber Threat Intelligence
Defining Risk, Threat and Vulnerability
Does Zero Risk Exist
Monitoring Changing Risk
Overview of Environmental Risk
Personnel Risk
Real-world Risk Assessment
The Assessment of Fraud for SOC 2
Third Parties are Threats Too
