When undertaking an Information Security Risk Assessment, it is important to identify the threats and vulnerabilities associated with your assets. So, what is a threat, and what is a vulnerability? Understanding the difference between the two helps you develop a clear risk assessment so that the correct controls can be chosen and implemented.
- Threat: A threat is something that has the potential to cause harm or damage.
- Vulnerability: A vulnerability is a weakness or gap in defenses that could be exploited by a threat.
Essentially, a threat is the potential source of harm, while a vulnerability is the potential avenue through which that harm could be inflicted. For example, a hacker might be a threat to a computer system, but the system’s lack of strong password protection or outdated software could be vulnerabilities that allow the hacker to successfully attack the system.
To find out more about ISO 27001 and how it can help your business, please see the Adaptive Certifications services page – ISO 27001 ISMS Certification | Adaptive Certifications | Australia
To purchase a copy of the ISO 27001:2012 standard, please visit the ISO store: