subject: The Place of Vulnerability and Threat in a Risk Assessment for Information Security [print this page] The roles of vulnerability and threat in a risk assessment are fundamental to the exercise. In terms of information security risks, it may not be immediately obvious what the vulnerabilities and threats actually are, since information is a less tangible type of asset than, for example, industrial equipment. However, it is important to estimate them accurately, since the output of the risk assessment determines the entire Information Security Management System (ISMS). Hence, vulnerability and threat are vital concepts to master when carrying out any form of risk assessment.
The Place of Vulnerability and Threat in a Risk Assessment for Information Security
