Threat
Any event that can negatively affect our information security systems
e.g. Natural Disasters, Cyberattacks, Data Integrity Breach, Information Disclosure
Vulnerability
Any weakness in system design or implementation
e.g. Software bugs, Missing Security Patches, Lack of Physical Security
The intersection of Threat and Vulnerability is where the risk to enterprise systems lies
Threat + No Vulnerability = No Risk
No Threat + Vulnerability = No Risk
Threat Vectors
The means or pathway by which an attacker can gain unauthorized access to a computer or network to deliver a malicious payload or carry out an unwanted action
e.g. Message, Image, Files, Voice Calls, Removable Devices, Unsecure Networks
Attack Surface
Encompasses the various points where an unauthorized user can try to enter data to or extract data from an environment
Can be minimized by, e.g., Restricting Access, Removing Unnecessary Software, Disabling Unused Protocols