There are many threat actors in the world, including nation states, criminal syndicates, various enterprises, hacktivists and insiders. These adversaries have a variety of motivations, often including financial gain, corporate or government espionage, and military advantage. The concern is the launch of cyber attacks through the exploitation of vulnerabilities. There are a number of vulnerabilities in both hardware and software that can be exploited from outside or inside. The vulnerability could be unpatched software, an unsecured access point, or a poorly configured system. The consequence is the harm caused to an exploited organization by a cyberattack: the organization will have to face a lot of things, including the loss of sensitive data. It will affect the company's customer base, reputation and financial standing, and the company may lose a great deal of customers. The consequence can be very costly to the organization. Cyber risk is commonly defined as exposure to harm or loss resulting from breaches of or attacks on information systems. A risk is nothing but the intersection of assets, threats and vulnerabilities. NIST SP 800-30, Risk Management Guide for Information Technology Systems, defines risk as a function of the likelihood of a given threat-source exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization. So the main components of Risk Assessment are:
Threats are anything that can exploit a vulnerability, accidentally or intentionally, and destroy or damage an asset. An asset can be anything: people, property or information. An asset is what we are trying to protect and a threat is what we are trying to protect against. A vulnerability is a gap or weakness in our protection efforts. A threat source is either the intent and method aimed at the intentional exploitation of a vulnerability, or a situation and method that may trigger a vulnerability unintentionally. The complete process of Risk Management can be divided into the following stages:
1. Context Establishment – The organization's mission, values, structure, strategy, locations and cultural environment are studied to gain a deep understanding of its scope and boundaries. The main roles inside the organization in charge of risk management activities can be seen as:
2. Risk Assessment – Risk Assessment takes as its input the output of the Context Establishment phase, and its output is the list of assessed risks, in which risks are given priorities according to the risk evaluation criteria.
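The following is an added example, not part of the original text, of what the Risk Assessment stage produces: a small risk register in which each entry is the intersection of an asset, a threat source and a vulnerability, scored as a function of likelihood and impact and then prioritized. The numeric weights (likelihood Low/Medium/High = 0.1/0.5/1.0, impact = 10/50/100, with bands High above 50, Medium above 10, Low otherwise) follow the risk-level matrix of the 2002 edition of NIST SP 800-30 as an assumption of this example; the register entries themselves are constructed.

```python
from dataclasses import dataclass
from typing import List

# Qualitative scales as used in the risk-level matrix of the 2002 edition
# of NIST SP 800-30 (an assumption of this example; check the guide you follow).
LIKELIHOOD = {"Low": 0.1, "Medium": 0.5, "High": 1.0}
IMPACT = {"Low": 10, "Medium": 50, "High": 100}

# Ordering used to decide whether a risk exceeds the level the organization accepts.
LEVEL_RANK = {"Low": 0, "Medium": 1, "High": 2}


@dataclass(frozen=True)
class Risk:
    """One entry of a risk register: an asset, a threat source and a
    vulnerability, rated on the qualitative likelihood and impact scales."""
    asset: str
    threat_source: str
    vulnerability: str
    likelihood: str
    impact: str

    def __post_init__(self) -> None:
        # Reject ratings outside the agreed scale instead of failing later with a KeyError.
        if self.likelihood not in LIKELIHOOD:
            raise ValueError(f"unknown likelihood level: {self.likelihood!r}")
        if self.impact not in IMPACT:
            raise ValueError(f"unknown impact level: {self.impact!r}")

    def score(self) -> float:
        # Risk as a function of likelihood and impact.
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]

    def level(self) -> str:
        return risk_level(self.score())


def risk_level(score: float) -> str:
    """Map a numeric score onto the matrix bands: High > 50, Medium > 10, else Low."""
    if score > 50:
        return "High"
    if score > 10:
        return "Medium"
    return "Low"


def prioritize(register: List[Risk]) -> List[Risk]:
    """Output of the Risk Assessment stage: the register ordered from highest to lowest risk."""
    return sorted(register, key=lambda r: r.score(), reverse=True)


def above_appetite(register: List[Risk], accept_up_to: str = "Low") -> List[Risk]:
    """Risks whose level exceeds what the organization is willing to accept."""
    limit = LEVEL_RANK[accept_up_to]
    return [r for r in prioritize(register) if LEVEL_RANK[r.level()] > limit]


# Constructed sample register, not taken from any real assessment.
REGISTER = [
    Risk("customer database", "criminal syndicate", "unpatched web application", "High", "High"),
    Risk("office wireless network", "opportunistic outsider", "unsecured access point", "Medium", "Medium"),
    Risk("build server", "malicious insider", "poorly configured access control", "Low", "High"),
    Risk("marketing website", "hacktivist", "poorly configured web server", "Medium", "Low"),
]

if __name__ == "__main__":
    for r in prioritize(REGISTER):
        print(f"{r.level():6} {r.score():6.1f}  {r.asset}: {r.threat_source} via {r.vulnerability}")
```

The build server entry shows a boundary worth knowing about: a Low likelihood against a High impact scores exactly 10, which this matrix still classes as Low, so high-impact risks that land at the bottom of the scale deserve a second look before they are accepted.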
Adapted from:

What is the term for the likelihood that a threat will exploit a vulnerability?
Risk – The potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability.

What is the likelihood of a vulnerability?
Definition(s): Chance of something happening. A weighted factor based on a subjective analysis of the probability that a given threat is capable of exploiting a given vulnerability or a set of vulnerabilities.

What term describes the exploit of a vulnerability?
A zero-day attack is the use of a zero-day exploit to cause damage to or steal data from a system affected by a vulnerability.