Threats and Vulnerabilities

Threat Vuln and Asset, in the middle is the risk. chart

threat is a person or event that has the potential for impacting a valuable resource

Vulnerability - quality or chareracistic whinin a given resource or environment that might allow the threat to e realized.

If the OS is outdated, that’s a vuln if you combine a threat with a vuln, then you have risk.

Internal Threat - Any threat that originates within the origizination itself. use authorized assess and disrupts the network.

External Threat - A threat from outside of the orginization. people who do not agree with the policy, or they want to gain from your ogizination.

Vulnerability -

Environmental - undesirable conditions or weakenesses that are in the general area surrounding where the network is run. hurricanes, earthquakes.

Physical - weakenesses in the buildings where the network is housed, unlocked doors, cables misbplases.

Operational - focuses how the network and its systems are run from the perspectie from the policies and procedures.

Technical - syste-specefic conditions that create a security weakeness.

CVE - Common vulnerabilities and exposures - list of publicy known vulns for 2017-0144 ect.. eternal blu alows RCE

Zero Day - Any weakeneess in system design, implementaion, software code, or ladck of preventive mechanisims within a network that is unkown at the time of publication.

Exploit Pice of software code that takes advantate of a security flaw or vuln. reverse engineer the software patch then create the code to take advantage of the vuln. people don’t patch right away so there is a period of time when people won’t update. can be incorporated into malware.

Keep systems properly patched and anti-malware software updated.