SF101 Threats Vulnerabilities and Exploits - ITPro

Threats

Threat

Threat Definition
  • [i] Threat) - (definition:: Any circumstance or event that has the potential to adversely affect an organization's assets, such as data, systems, or personnel) - (subject:: Cybersecurity

Threat Example

These can include:

A threat is perpetrated by a threat actor, who are just the individuals or groups responsible for threats. These can include:

  • Script Kiddies - Unskilled individuals using premade tools to attack
  • Malicious Insiders - Authorized users with malicious intent to harm their organization.
  • Hacktivists - Groups motivated by political or ideological goals (think of Anonymous).
  • State-sponsored Actors - Well-funded and organized groups backed by organizations.
  • Cyber terrorists - Aiming to sow fear, uncertainty, and discord.
  • Advanced Persistent Threats (APT) - Highly organized and skilled, conduct long-term operations for gain.

Vulnerabilities

Vulnerabilities

Vulnerabilities Definition
  • [i] Vulnerability) - (definition:: A weakness in a system that can be exploited by a threat actor to gain unauthorized access or cause harm to an organization's assets.) - (subject:: Cybersecurity

Vulnerabilities Example

Vulnerabilities include:

  • Poor security practices
  • Weak passwords
  • Legacy systems out of of date and lacking security patches
  • Default or insecure configuration files
  • Insecure protocols (clear text communications)

These vulnerabilities are the entry points for threats to be realized and impact the organization.

Exploits

Exploit

Exploit Definition
  • [i] Exploit) - (definition:: A tool or technique used by a threat actor to take advantage of a vulnerability) - (subject:: Cybersecurity

Exploit Example

Examples include:

Exploits are a threat actor's toolbox to leverage vulnerabilities to achieve their goals.