# Risks vs Threats vs Vulnerabilities
[Source](https://securecontrolsframework.com/risk-management-model/)
Risks, threats and vulnerabilities are commonly misunderstood.
Fundamentally, vulnerability and risk management practices exist to achieve a minimum level of protection for an organization, which equates to reducing total risk through the protections that implemented controls provide. This can be conceptualized as a "risk management ecosystem" as it pertains to an organization's overall cybersecurity & data protection efforts.
These ecosystem components have unique meanings that need to be understood to reasonably protect people, processes, technology and data, as shown below:
![](Risks%20vs%20Threats%20vs%20Vulnerabilities%20SCF%20diagram.jpg)