Definition should include the distinctions between risk, vulnerability, and threat.
Definition should state that
- risk is the likelihood that a vulnerability will occur and that a loss occurs if that vulnerability is exploited
- vulnerability refers to a flaw in a system that can leave it open to attack; it may also refer to any type of weakness in a computer system, in a set of procedures, or in anything that leaves information security exposed to a threat.
- threat refers to an action that might exploit a vulnerability and cause potential harm (e.g., cyber, terrorism, pandemics, extreme weather, accidents, technical failures).
Teacher Resources:
Process/Skill Question:
How can one determine where possible risks, vulnerabilities, and threats may occur in a manufacturing environment?