A threat is defined as something that might do harm but once a threat happens do we still refer to it as a threat?
For instance, if malware infects our computer, do we still refer to the malware as a threat?
Asked
Active
Viewed 306 times
1
-
If malware infects your computer do you no longer see it as a threat? Because I do. – Bacon Brad Jun 20 '16 at 18:54
-
1@baconface, personally I would call it an incident. – yusuf Jun 20 '16 at 19:09
-
a rose by any other name would smell so sweet... – dandavis Jun 20 '16 at 19:44
2 Answers
3
You may be looking for 'breach'. As described below, the original threat remains, a breach has occurred, and additional new unmitigated threats may exist where the attacker may be able to do additional damage now that they're inside.
Threat: the possibility that something could try to happen
Threat Actor: the person or other entity who will try to make the bad thing (threat) happen
Vulnerability: a hole in the design of the defenses that may allow a threat actor to cause a threat to happen
Asset: something of value
Exposure: an asset has been placed behind a vulnerability, thereby exposing the data to the threat
Exploit (n): the mechanism by which the threat actor will make use of the vulnerability to get to the exposed asset
Exploit (v): the act of using an exploit (n) to make use of a vulnerability to access the exposed asset
Breach(v): the successful act of exploiting a vulnerability. Breaching the defenses
Breach(n): the event during which a breach(v) occurred. A breach in the defenses.
incident: a detected breach or exposure. In some environments, a detected vulnerability, without an exposure
Mitigate: to reduce the severity of an actual or potential breach
Control something in place to mitigate, detect, or prevent a breach
Note that a threat that successfully breaches the security of some of your assets may not have successfully accessed all your assets, and may attempt to re-enter at a later time. Thus, you have a breach by an ongoing threat, with possibility of a wider or repeated breach, using one or more exploits to exploit one or more vulnerabilities that exposed one or more assets to the threat of a threat agent.
atk
- 2,156
- 14
- 15
-
Thank you for your really good answer. Maybe a small point of disagreement. For me a threat, is an entity or an event that might harm the organization's assets. Hence organizations deal every day with threats (malware, social engineering, web application attacks, ...). So threat happens but control measures prevent them from causing harm. – yusuf Jun 20 '16 at 21:42
-
@yusuf definitions do vary. Mine are drawn in large part from NIST, but individual organizations use the terms that communicate stuff best to their employees, customers and regulators. – atk Jun 20 '16 at 22:42
-1
A threat has nothing to with a malware. It is basically a certain probability that an vulnerability gets exposed.
A malware is an exploited vulnerability by some kind.
Niklas Adolfsson
- 19
- 3