
ISO 27001: Threats and vulnerabilities

When undertaking an Information Security Risk Assessment, it is important to identify the threats and vulnerabilities associated with your assets. So, what is a threat, and what is a vulnerability? Understanding the difference between the two helps you develop a clear risk assessment, so that the correct controls can be chosen and implemented.

  • Threat: A threat is something that has the potential to cause harm or damage.
  • Vulnerability: A vulnerability is a weakness or gap in defences that could be exploited by a threat.

Essentially, a threat is the potential source of harm, while a vulnerability is the potential avenue through which that harm could be inflicted. For example, a hacker might be a threat to a computer system, but the system’s lack of strong password protection or outdated software could be vulnerabilities that allow the hacker to successfully attack the system.

To find out more about ISO 27001 and how it can help your business, please see the Adaptive Certifications services page: ISO 27001 ISMS Certification | Adaptive Certifications | Australia

To purchase a copy of the ISO 27001:2012 standard, please visit the ISO store:

ISO – ISO/IEC 27001:2022 – Information security, cybersecurity and privacy protection — Information security management systems — Requirements
