IT Examiner School

Threats, Vulnerabilities, and Risks

Vulnerability

Risk

Threat

• Any circumstance or event with the potential to adversely impact organizational operations

• Hardware, firmware, or software flaw that leaves an information system open to potential exploitation • Weakness in automated procedures, controls, layout, etc., that could be exploited to gain unauthorized access or disrupt processing

• Level of impact on operations, assets, or individuals given the potential impact of a threat and the likelihood of that threat occurring

Types of Threats