In this video we examine the relationship between Vulnerability, Threat, Control and Risk and how they relate to cybersecurity.

VULNERABILITY: This is defined as a weakness in a control or a system.

THREAT: Anything (object, substance or human) that has the tendency to cause harm or destruction.

CONTROL: This is an action implemented to counter a potential threat and thus reduce a risk.

RISK: This is the likelihood of a THREAT exploiting a VULNERABILITY in a control (or system) to cause an undesirable IMPACT.

INHERENT RISK: The risk level or exposure without taking into account the actions that an organization has taken or might take (e.g., implementing security controls). For example, if you are in the banking industry, one of the inherent risks of being in the banking business is theft or armed robbery.

RESIDUAL RISK: This is defined as the risk that remains after an organization has implemented a risk response (control).

The core duty of a cybersecurity professional is to identify, mitigate, and manage cyber risk to an organization's digital assets. A cybersecurity professional must understand risk in the context of cybersecurity, which means knowing how to determine, measure and reduce risk effectively. Assessing risk is one of the most critical functions of a cybersecurity professional. Without adequate knowledge of the risk, an organization might implement over-protective or under-protective controls!

*****Approaches to Implementing a Cybersecurity Program*****

Generally, there are three (3) different approaches to implementing a cybersecurity program:

1. Compliance-based: This approach relies on rules, regulations or standards; hence controls are implemented regardless, whether you like it or not (e.g., FISMA, HIPAA, SOX, PCI DSS etc.).
   * Public Company Accounting Reform and Investor Protection Act (U.S. Senate name for SOX)
   * Corporate and Auditing Accountability, Responsibility, and Transparency Act (U.S. House name for SOX)

2. Risk-based: This approach relies on identifying the unique risk a particular organization faces and designing and implementing security controls to address that risk above and beyond the entity's risk tolerance and business needs.

3. Ad hoc: This approach simply implements security with no particular rationale or criteria.

Subscribe to the channel: https://www.youtube.com/c/KamilSec?sub_confirmation=1

Connect with me on Social Media:
Twitter: https://twitter.com/Kamilzak_1
Instagram: @Kamilzak1