The terms risk, vulnerability and threat are often confused and sometimes used interchangeably, which leads to misunderstanding when evidence is presented. A risk is usually expressed as the probability that a threat of some kind will exploit a vulnerability or weakness in a system or network, combined with the impact if it does. As more businesses conduct their activities online, such risks have come to be taken more seriously. Vulnerabilities, as mentioned above, are weaknesses that an attacker can exploit. They range from poorly configured software and firewalls to badly written code, and their exploitation can compromise the confidentiality, integrity or availability of data and functionality within a system (Bergeron et al., 2001).
Threats are the attackers or groups we aim to protect our infrastructure from, including those who seek to steal sensitive data, whether for profit or for other motives. Threats can be human or non-human (e.g. natural disasters, power outages, floods). The term 'threat agent' describes an individual or group capable of realising a threat. When these terms are used in a cybersecurity case, confusion can be reduced by defining them explicitly in the investigation report, either in a glossary of terms or through examples given in testimony. Presenting them properly removes most of the confusion usually associated with them and makes for a much clearer case.