- Feb 26, 2020
- Threat - A threat is a malicious actor whose objective is to breach, cause damage, steal or exfiltrate data from a network or system. Threats usually target assets.
- Assets - Assets are typically business or service critical systems on a company network that store data, provide services to clients or are integral to the running of the company. As a result, assets are attractive to attackers.
- Assets can also be employees.
- During risk assessments/vulnerability assessments, assets need to be identified and adequately secured and protected.
- Risk - Is the potential impact that a threat or vulnerability will/can have on an organization. Risk is used to determine the probability of a potential vulnerability occurring and its consequent effect.
- Vulnerability - A vulnerability is a weakness or flaw in a system or network that, when exploited, will compromise the integrity and security of the system or network and can lead to unauthorized access.
- Exploit - An exploit is a process of breaking into a system or network through a set of or a particular vulnerability. It utilizes a payload to perform specific malicious tasks.
- Payload - A payload is a chunk of exploit code whose purpose is to perform specific tasks on the target system or network, for example; destroy and exfiltrate data, setup backdoor access, etc.
- 0-Day - A Zero-Day is a vulnerability in a system or network that has not yet been patched by the developer.