• anything with potential to cause harm
  • anything that could exploit an asset’s vulnerabilities and result in a loss
  • if an asset is vulnerable to a threat, the asset is at risk
  • examples of threats include:
    • blackout
    • lightning strike
    • hacker in Nigeria
      • or any threat actor
    • malware
    • rogue employees
  • organizations cannot control threats, they can only protect against threats
    • i.e. a UPS may offer some protection against a blackout, but the threat of a blackout is there just the same
  • information about threats and threat actors is called threat intelligence

» Cyber Security Glossary