Question

What is the difference between 'vulnerability', 'threat', and 'risk' in cybersecurity?

Q: Answer-What is the difference between 'vulnerability', 'threat', and 'risk' in cybersecurity?

Vulnerability is weakness unpatched software, misconfiguration, weak password policy. Threat is potential event that exploits a vulnerability hacker, malware, insider threat, natural disaster. Risk Threat Vulnerability Impact the probability and consequence of a threat exploiting a vulnerability. Formula Risk Threat Vulnerability Asset Value. Banks must conduct regular Vulnerability Assessments and Penetration Testing VAPT, mandated by RBI, to identify and remediate vulnerabilities before threats exploit them.

A All three terms describe the same concept — potential security issues

B Vulnerability is a weakness in a system; Threat is a potential danger that exploits a vulnerability; Risk is the likelihood and impact of a threat exploiting a vulnerability

C Vulnerability is an attack from a hacker; Threat is the attacker who attacks the system; Risk is the damaged caused due to the attack on a system

D VVulnerability applies to software; Threat applies to hardware; Risk applies to data, software and hardware

E Vulnerability is internal; Threat is external; Risk is financial impact only

Practice Next