Discuss the differences between a threat and an attack. Describe how vulnerability may be converted into an attack (provide an example in your explanation). Solution Threat : It’s an event which can take advantage of vulnerability and cause a negative impact on the network. Threats need to be identified, and the related vulnerabilities need to be addressed to minimize the risk of the threat to the network. A threat can damage the operation, functioning, integrity, or availability of a network or system. Threat will be in any form its like accidental, or act of nature. For example: Denial of service ATTACK : It’s technique or act which is used to exploits or leak a vulnerability. There are two type of attacks Passive attacks are very difficult to monitoring or detecting. Examples of passive attacks would be packet sniffing or traffic analysis. These types of attacks are record traffic on the network. They are gathering information that can be used later in active attacks. For example : Ping of death Major different is Attack is intentional. Threat can be intentional or unintentional. Threat has potential to cause loss or damage But attack is attempted to cause damage. Threat doesn’t mean about information was altered or damaged on information system. But attack means there might be chance to alter, damage, or obtain information when attack was successful on the information system. Describe how vulnerability may be converted into an attack ? Ans: Vulnerability is a weak point of secure the information in asset. It can be happen as the consequence of missing or insufficient control on asset. It may be happen by attack done by threat agent that the accomplishment . Threat is harmful for leak the information or take away from organization .Attack can be action or occasion which will leak the information . It will expose the utilized as damage an information asset. It can be done by attack to damage the asset structure..