Monday, July 25, 2016

Information Security and Risk Management

Security Definitions

Vulnerability:
·        A weakness in a mechanism that can threaten the confidentiality, integrity, or availability of an asset.
·        The lack of a countermeasure.
Risk: The probability of a threat becoming real, and the corresponding potential damage.
Threat: Someone (or something) uncovering a vulnerability and exploiting it.
Exposure: The state of being open to loss because a vulnerability exists in an environment.
Countermeasure: A control put into place to mitigate potential loss.

Some examples of vulnerabilities that are not always obvious
·        Lack of security understanding
o   Real security requires real knowledge
o   Applies from technical staff up to the C-level in companies
·        Misuse of access by authorized users
o   Authorization creep: users accumulate access rights as they change roles and never lose the old ones
o   Can now be a criminal offense under specific laws
·        Concentration of responsibilities
o   Countermeasure: separation of duties
·        Not being able to react quickly
o   No incident response team or procedure
·        Lack of communication structure
·        Lack of ways to detect fraud
o   Rotation of duties
o   Detection technologies and processes
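As an added example (not part of the original post), the two points above about authorization creep and separation of duties can be checked mechanically over an entitlement snapshot. The role catalog, the toxic-pair matrix and the user records are constructed for illustration; a real run would pull them from the identity store and the access-policy documentation.

```python
"""Detect authorization creep and separation-of-duties (SoD) conflicts.

Added example with constructed data. Two findings are reported per user:
  creep - entitlements held that none of the user's current roles justify
  sod   - pairs of entitlements that policy says one person must never hold
"""
from dataclasses import dataclass

# Hypothetical role catalog: which entitlements each role legitimately grants.
ROLE_ENTITLEMENTS = {
    "ap_clerk":   {"vendor.create", "invoice.enter"},
    "ap_manager": {"invoice.approve", "payment.release"},
    "developer":  {"repo.write", "ci.trigger"},
    "sre":        {"prod.deploy", "prod.ssh"},
}

# Hypothetical SoD matrix: entitlement pairs that concentrate responsibility
# enough to let one person commit and hide fraud on their own.
TOXIC_PAIRS = [
    frozenset({"vendor.create", "payment.release"}),  # invent a vendor, then pay it
    frozenset({"invoice.enter", "invoice.approve"}),  # enter and approve own invoice
    frozenset({"repo.write", "prod.deploy"}),         # ship own code without review
]


@dataclass
class User:
    name: str
    roles: set            # roles currently assigned by HR / the IdP
    entitlements: set     # what the identity store actually grants right now


def expected_entitlements(roles):
    """Union of everything the user's current roles are supposed to grant."""
    expected = set()
    for role in roles:
        expected |= ROLE_ENTITLEMENTS.get(role, set())
    return expected


def authorization_creep(user):
    """Entitlements left over from old roles (or granted ad hoc) that no current role explains."""
    return user.entitlements - expected_entitlements(user.roles)


def sod_violations(user):
    """Toxic pairs the user holds in full, as sorted tuples for stable output.

    Note this checks the granted entitlements, not the roles: a conflict
    can arise from two perfectly legitimate roles held by the same person.
    """
    return sorted(tuple(sorted(pair)) for pair in TOXIC_PAIRS if pair <= user.entitlements)


def audit(users):
    """Return {user_name: {"creep": [...], "sod": [...]}} for users with any finding."""
    findings = {}
    for user in users:
        creep = sorted(authorization_creep(user))
        sod = sod_violations(user)
        if creep or sod:
            findings[user.name] = {"creep": creep, "sod": sod}
    return findings


# Constructed snapshot: alice was promoted from AP clerk to AP manager but kept
# her clerk entitlements; carol legitimately holds developer and SRE roles.
USERS = [
    User("alice", {"ap_manager"},
         {"vendor.create", "invoice.enter", "invoice.approve", "payment.release"}),
    User("bob", {"developer"}, {"repo.write", "ci.trigger"}),
    User("carol", {"developer", "sre"},
         {"repo.write", "ci.trigger", "prod.deploy", "prod.ssh"}),
]

if __name__ == "__main__":
    for name, finding in audit(USERS).items():
        print(f"{name}: creep={finding['creep']} sod={finding['sod']}")
```

Alice shows both problems: the creep finding is the access she should have lost on promotion, and the SoD findings are what that leftover access makes possible. Carol has no creep at all, yet still trips the repo.write/prod.deploy pair, which is why the check runs on granted entitlements rather than on role names.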