Web Penetration Testing - Radhi Shatob
Security Terms
Asset
An asset is the people, property or information that we are trying to protect. People include employees, contractors and customers. Property includes tangible and intangible items that can have value; intangible assets include reputation as well as proprietary information. Information includes databases, software code, critical company records and many other intangible items. In short, an asset is what we are trying to protect.
Threat
A threat is anything that can exploit a vulnerability, intentionally or accidentally, and obtain or destroy an asset. In other words, a threat is what we are trying to protect against.
Vulnerability
A vulnerability is a weakness or gap in a security program that can be exploited by threats to gain unauthorized access to an asset. In other words, a vulnerability is a weakness or gap in our protection efforts.
Risk
Risk is the potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability. Risk is the intersection of assets, threats and vulnerabilities.
Why is it so important to understand the distinction between these terms? Because otherwise you won't understand the full extent of the risk to the asset.
When conducting a risk assessment, the formula used is:
Asset (A) + Threat (T) + Vulnerability (V) = Risk (R).
Exploit
An exploit is a piece of software or a sequence of commands that takes advantage of a vulnerability to cause unintended or unanticipated behavior to occur on computer software or hardware. An exploit is an attack on a computer system, especially one that takes advantage of a vulnerability the system has or is known for. To exploit is the act of successfully carrying out an attack.