Threat vs Vulnerability vs Risk
Article 1 – Threat vs Vulnerability vs Risk
There is some debate in the security community surrounding the defintion of Threat, Vulnerability and Risk. ISO, IEC, NIST and ENISA all disagree, and the Information Security industry also offer various defintions. As examples, Richard Bejtlich of TAO Security, International Charter, Eleventh Alliance and Ingenta all differ in their opinions.
Article 2 – Understanding risk, threat, and vulnerability
IT security, like any other technical field, has its own specialized language developed to make it easier for experts to discuss the subject. It pays to understand this jargon when researching security.