Confusion over Terminology


The terms risk, vulnerability and threat are often confused and sometimes used interchangeably, leading to a lack of understanding when presenting evidence. A risk is usually based on the probability that a threat of some kind will exploit a vulnerability or weakness in a system or network. In recent years, risks have been taken more seriously by many businesses that conduct online activities. Vulnerabilities, as mentioned above, are typically weaknesses that can be exploited by an attacker. These can include anything from poorly configured software and firewalls to badly written code that can affect the secrecy, integrity and control of data and functionality within a system (Bergeron et al., 2001).

Threats involve the attackers or groups we aim to protect our infrastructure from, including those who may seek to steal sensitive data, either for profit or for other ulterior reasons. Threats can be human or non-human (e.g. natural disasters, power outages, floods). The term ‘Threat Agent’ describes an individual or group that can manifest a threat. When communicating these terms in a cybersecurity case, confusion can be reduced by calling them out in the investigation report, either via a glossary of terms or through examples in the testimony. Presenting these terms properly will most likely reduce the confusion typically associated with them and make for a much clearer case.

References:

McGraw, G. (2004). Software Security. Security and Privacy, IEEE, pp. 80-83, March/April, 2004

SANS (2009). The Top Cyber Security Risks. Computer Security Training, Network Research & Resources.  Retrieved from http://www.sans.org/top-cyber-security-risks

Written by Ian Carnaghan