
UNSW Sydney Risk Management Threat and Vulnerability Discussion


In your original post, please try to answer the following question from Jason below. To answer this question, you may refer to his guest lecture slides or do an online search. If you use internet sources, please provide the reference in your post and do not copy & paste.

Describe the relationship between threat and vulnerability and how they come together to assist in making a risk-based decision and how the levels of uncertainty in either, and those additional factors that affect uncertainty, may also affect the desired outcome.

In your response, please provide feedback to another student’s post as follows: Describe aspects you liked about the classmate’s post, provide suggestions for how the post can be improved, and end with a short conclusion.

Student discussion reply: Threat and vulnerability are both related to cyber risk. Threat refers to the potential damage and danger caused by external actors, such as exposure to the foreign intelligence group and criminal group. The level of uncertainty of threat is that it is uncontrollable but can be identified in advance. Vulnerability is the weakness of an organization that is vulnerable to attack or breach but can be prevented and improved through control. Cybersecurity vulnerability can also be explained as certain inattentive properties that lead to aggression, for instance, sensitive data exposure. The uncertainty of vulnerability depends on how the weakness has been detected and corrected. It can cause massive loss to the asset, once used by threats successfully. This is the main difference and relationship between threat and vulnerability. As vulnerability is the prerequisite for external threats, cyber vulnerabilities that may be exploited by threat actors should be identified regularly. The risk assessor should comprehensively judge the vulnerabilities and severity of assets from the perspective of security policies and demands. When making risk-based decisions, information security management, also known as the ISO 27000 series, can enhance cyber security, or refer to the National Institute of Standards and Technology cybersecurity framework. Additional factors such as disgruntled employees or intangible relationships between organizations and societies are the most difficult elements to control, resulting in extreme consequences and undesired outcomes.
