Security threat
In computer security, a threat is a possible danger that might exploit a vulnerability to breach security and therefore cause possible harm.A threat can be either "intentional" (i.e. hacking: an individual cracker or a criminal organization) or "accidental" (e.g. the possibility of a computer malfunctioning, or the possibility of a natural disaster such as an earthquake, a fire, or a tornado) or otherwise a circumstance, capability, action, or event
A better definition of security threat is:
A potential cause of an incident, that may result in harm of systems and organization
A more comprehensive definition, tied to an Information assurance point of view, can be found in "Federal Information Processing Standards (FIPS) 200, Minimum Security Requirements for Federal Information and Information Systems" by NIST of United States of America
Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability.
A more comprehensive definition, tied to an Information assurance point of view, can be found in "Federal Information Processing Standards (FIPS) 200, Minimum Security Requirements for Federal Information and Information Systems" by NIST of United States of America
Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability.
• There are three components of threat:
Targets: organization’s asset that might be attacked information (its confidentiality, integrity, availability), software,
hardware, network service, system resource, etc.
Agents: people or organizations originating the threat –
intentional or non-intentional employees, ex-employees, hackers, commercial rivals, terrorists,
criminals, general public, customers
Events: type of action that poses the threat misuse of authorized information, malicious / accidental alteration of information, malicious / accidental destruction of information, etc.
here we can see a video
for more information about this you can check these links:
It is a very good blog
ResponderBorrar