Threats vs vulnerabilities
Assign topic to the user
Answer: Threat is something that can damage the confidentiality, integrity or availability of your information; vulnerability is a state of your assets, your systems, your organization, etc. that allows this threat to materialize. E.g. threat is malware, while lack of anti-virus software is a vulnerability.
You'll find more help here: ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
This Catalogue of threats and vulnerabilities will also help you: https://advisera.com/27001academy/knowledgebase/threats-vulnerabilities/
Comment as guest or Sign in
Oct 20, 2016