9. Risk Management Terminology
The role of security professionals is to use their knowledge to examine operational risk management. (Core objective: to reduce operational risks to an acceptable level, ensuring business continuity, protecting reputation, and maintaining financial stability.) They also determine how to use risk data effectively, work cross-functionally, and report actionable information and findings to the stakeholders concerned.
- An asset is something in need of protection.
- A vulnerability is a gap or weakness in those protection efforts.
- A threat is something or someone that aims to exploit a vulnerability to thwart protection efforts.
Everyone must become familiar with these kinds of terms, as they are used repeatedly in cybersecurity.