Question

What is the difference between Threat, Vulnerability, and Risk in cyber security?

Answer 1

• Threat: Someone with the potential to cause harm by damaging or destroying the official data to a system or organization.

Ex: Phishing attack

• Vulnerability: It refers to weaknesses in a system that makes threat outcomes more possible and even more dangerous.

Ex: SQL injections, cross-site scripting

• Risk: It refers to a combination of threat probability and impact/loss. In simple terms, it is related to potential damage or loss when threat exploits the vulnerability.

Threat probability * Potential loss = Risk