Understanding risk, threat, and vulnerability

December 12, 2016


  There are many potential definitions of risk—some general and others more technical. Additionally, it is important to distinguish between a risk and a threat. Although many people use the words threat and risk synonymously, they have two very different meanings. As with any key concept, there is some variation in definition from one organization to another. For the purposes of this guide, we will define terms as follows:


Risk: The combination of the probability of an event and its consequence. Risk is mitigated through the use of controls or safeguards.


Threat: Anything (e.g., object, substance, human) that is capable of acting against an asset in a manner that can result in harm. Some organizations make a further distinction between a threat source and a threat event, classifying a threat source as the actual process or agent attempting to cause harm, and a threat event as the result or outcome of a threat agent’s malicious activity.


Asset: Something of either tangible or intangible value that is worth protecting, including people, information, infrastructure, finances and reputation.


Vulnerability: A weakness in the design, implementation, operation or internal control of a process that could expose the system to adverse threats from threat events.


Although much of cybersecurity is focused on the design, implementation and management of controls to mitigate risk, it is critical for security practitioners to understand that risk can never be completely eliminated. Beyond the general definition of risk provided above, there are other, more specific types of risk that apply to cybersecurity.


Residual risk: Even after safeguards are in place, there will always be residual risk, defined as the remaining risk after management has implemented a risk response.


Inherent risk: The risk level or exposure without taking into account the actions that management has taken or might take (e.g., implementing controls).
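The definitions above (risk as probability combined with consequence, inherent risk before any control, residual risk after the risk response) can be made concrete in a small risk-register calculation. This is an added illustration, not code from the original post; the ordinal scales, the `Control` and `Risk` classes, and the sample entry are all constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed 1-5 ordinal scales; a real programme uses its own calibrated scales.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
CONSEQUENCE = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}


@dataclass
class Control:
    """A safeguard that removes a fraction of likelihood and/or consequence.

    Reductions are bounded below 1.0 on purpose: a control lowers risk,
    it never eliminates it, so residual risk is always greater than zero."""
    name: str
    likelihood_reduction: float = 0.0
    consequence_reduction: float = 0.0


@dataclass
class Risk:
    asset: str            # what is worth protecting
    threat: str           # what can act against the asset
    vulnerability: str    # the weakness the threat can exploit
    likelihood: str       # key into LIKELIHOOD
    consequence: str      # key into CONSEQUENCE
    controls: list = field(default_factory=list)

    def inherent(self) -> float:
        """Risk level ignoring every control (likelihood x consequence)."""
        return float(LIKELIHOOD[self.likelihood] * CONSEQUENCE[self.consequence])

    def residual(self) -> float:
        """Risk that remains after each control has been applied in turn."""
        lik = float(LIKELIHOOD[self.likelihood])
        con = float(CONSEQUENCE[self.consequence])
        for ctl in self.controls:
            if not (0 <= ctl.likelihood_reduction < 1 and 0 <= ctl.consequence_reduction < 1):
                raise ValueError(f"{ctl.name}: reductions must lie in [0, 1)")
            lik *= 1 - ctl.likelihood_reduction
            con *= 1 - ctl.consequence_reduction
        return lik * con


def exceeds_appetite(risk: Risk, appetite: float) -> bool:
    """True when the residual risk is still above the accepted level."""
    return risk.residual() > appetite


def example_risk() -> Risk:
    """Constructed register entry: likely (4) x major (4) gives inherent 16."""
    return Risk("customer database", "external attacker", "unpatched web application",
                "likely", "major",
                [Control("patch management", likelihood_reduction=0.5),
                 Control("encryption at rest", consequence_reduction=0.25)])
```

With the two sample controls the residual drops from 16 to 6 (likelihood 4 to 2, consequence 4 to 3) but stays above zero, which is the point of the residual-risk definition.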


Copyright © 2016 - 2020 by Safe Decision Co.