773 B
773 B
Risks vs Threats vs Vulnerabilities
Risks, threats and vulnerabilities are commonly misunderstood.
Fundamentally, vulnerability and risk management practices exist to achieve a minimum level of protection for an organization, which equates to a reduction in the total risk due to the protections offered by implemented controls. This can be conceptualized as a "risk management ecosystem" as it pertains to an organization's overall cybersecurity & data protection efforts.
These ecosystem components have unique meanings that need to be understood to reasonably protect people, processes, technology and data, as shown below:
