Confusion over Terminology

The terms risk, vulnerability and threat are often confused and sometimes used interchangeably, which leads to misunderstanding when evidence is presented. A risk is usually expressed as the probability that a threat of some kind will exploit a vulnerability or weakness in a system or network, together with the consequence if it does. In recent years businesses that conduct online activities have taken such risks far more seriously. Vulnerabilities are weaknesses that an attacker can exploit; they range from poorly configured software and firewalls to badly written code, and they can affect the secrecy, integrity and control of data and functionality within a system (Bergeron et al., 2001).

Threats are the attackers or groups we aim to protect our infrastructure from, including those who seek to steal sensitive data for profit or other motives. Threats can be human or non-human (e.g. natural disasters, power outages, floods). The term 'threat agent' describes an individual or group capable of manifesting a threat. When these terms are used in a cybersecurity case, confusion can be reduced by defining them explicitly in the investigation report, either in a glossary of terms or through examples in the testimony. Clear and consistent use of the terms removes much of the ambiguity usually associated with them and makes for a far clearer case.


References

McGraw, G. (2004). Software Security. IEEE Security & Privacy, 2(2), pp. 80-83, March/April 2004.

SANS (2009). The Top Cyber Security Risks. SANS Computer Security Training, Network Research & Resources. Retrieved from

Image Credits: Photo by Isis França on Unsplash.
