Threat
Asset
Attack
Risk
Vulnerability
Osama ellahi
significantbyte.com
Threat
A threat is a potential cause of an incident that may result in loss or physical damage to the computer systems.
OR
A threat is what we’re trying to protect against.
OR
Anything that can exploit a vulnerability, intentionally or accidentally, and obtain, damage, or destroy an asset.
Natural threats: such as floods, hurricanes, or tornadoes
Unintentional threats: like an employee mistakenly accessing the wrong information
Intentional threats: such as spyware, malware, adware companies, or the actions of a disgruntled employee
Asset
Asset is what we are trying to protect.
People: People may include employees and customers along with other invited persons such as contractors or guests.
Property: Property assets consist of both tangible and intangible items that can be assigned a value.
Intangible assets include reputation and proprietary information. It may include databases, software code, critical company records, and many other intangible items.
Attack
An act or action that exploits a vulnerability (i.e., an identified weakness) in a controlled system.
OR
Accomplished by a threat agent which damages or steals an organization’s information.
Active attacks: attempt to alter system resources or affect their operations
Passive attacks: attempt to learn or make use of information from the system but do not affect system resources
Vulnerability
Weaknesses or gaps in a security program that can be exploited by threats to gain unauthorized access to an asset.
OR
A vulnerability is a weakness or gap in our protection efforts.
Reasons for vulnerability:
Bugs
Weak credentials
Unpatched software
Malicious insider
Missing data encryption
Phishing, Web & Ransomware
Risk
The potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability.
OR
Risk is the intersection of assets, threats, and vulnerabilities.
A new incident that has the potential to harm a system.
A known weakness of an asset that hackers could exploit.
The potential of loss or damage when a threat exploits a vulnerability.
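The "intersection" definition of risk above, worked as an added example (not part of the original slides): a risk is recorded only where a threat can exploit a vulnerability that an asset actually has. The inventory, the 1 to 5 value scale and the "no off-site backup" vulnerability are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    name: str
    value: int                  # constructed relative value, 1 (low) to 5 (high)
    vulnerabilities: frozenset  # weaknesses present on this asset

@dataclass(frozen=True)
class Threat:
    name: str
    kind: str                   # "natural", "unintentional" or "intentional"
    exploits: frozenset         # vulnerabilities this threat can take advantage of

# Constructed sample inventory; vulnerability names follow the slide's list.
ASSETS = [
    Asset("customer database", 5, frozenset({"missing data encryption", "weak credentials"})),
    Asset("build server", 3, frozenset({"unpatched software", "bugs"})),
    Asset("office building", 4, frozenset()),
]
THREATS = [
    Threat("ransomware", "intentional", frozenset({"unpatched software", "weak credentials"})),
    Threat("disgruntled employee", "intentional", frozenset({"missing data encryption"})),
    Threat("flood", "natural", frozenset({"no off-site backup"})),
]

def risks(assets, threats):
    """Return (asset, threat, threat kind, vulnerability), highest asset value first."""
    found = []
    for a in assets:
        for t in threats:
            # Risk exists only where the asset's weaknesses and the threat's reach overlap.
            for v in a.vulnerabilities & t.exploits:
                found.append((a.name, t.name, t.kind, v))
    value = {a.name: a.value for a in assets}
    return sorted(found, key=lambda r: (-value[r[0]], r[1], r[3]))

def unmatched(assets, threats):
    """Threats with nothing to exploit, and vulnerabilities no listed threat exploits."""
    hits = risks(assets, threats)
    idle_threats = sorted({t.name for t in threats} - {r[1] for r in hits})
    covered = {(r[0], r[3]) for r in hits}
    open_vulns = sorted((a.name, v) for a in assets for v in a.vulnerabilities
                        if (a.name, v) not in covered)
    return idle_threats, open_vulns

if __name__ == "__main__":
    for row in risks(ASSETS, THREATS):
        print(row)
    print(unmatched(ASSETS, THREATS))
```

The flood threat and the build server's "bugs" entry produce no risk rows: a threat without a matching vulnerability, or a vulnerability without a matching threat, is tracked separately rather than scored as a risk.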

Threat vs risk vs attack vs Asset vs vulnerability
