Security+ Study Notes: All About Threats, Risks, and Vulnerabilities


A Security+ Certification is a CompTIA-sponsored certification that shows the bearer’s competence to apply knowledge on different subjects like security concepts and procedures. Among security professionals, it’s one of the leading vendor-neutral certifications.

When studying and taking Security+ practice tests, CertBlaster says that one of the things you have to master is how to develop a security strategy. One of its most crucial aspects is the understanding of basic security terms like assets, vulnerabilities, threats, and risks.

Defining Assets, Risks, Vulnerabilities, and Threats

Companies are always on the lookout to develop and implement the most effective security measures to safeguard their assets. Assets are both intangible and tangible. Examples of intangible assets are trade secrets, company records, and databases, while examples of tangible assets include computer systems and related equipment like printers.

A risk is the chance of something unexpected or anticipated occurring, and it is a mix of vulnerabilities and threats: “Risk = Threats x Vulnerabilities.” This means that you need to evaluate potential vulnerabilities and threats to understand the possible risk to company assets.

Threats are events that could occur; they range from natural disasters to unintentional errors by employees and are generally easy to control. Common examples of threats include nature and disgruntled employees. Vulnerabilities, on the other hand, are security flaws that could be exploited to access an asset without proper authorization. Common examples include software flaws, human errors, and unpatched systems.

Correlation with a Classic Story

To understand how all these correlate, take the classic story of the “Three Little Pigs.” In the story, the first piggy built a straw house, but the wolf destroyed it. The second piggy built a house from sticks, but the tenacious wolf also blew it down. On the other hand, the third piggy built a brick house that the wolf couldn’t just blow down.

The threat is 100% clear in the above-mentioned scenarios because the wolf warned all three piggies that he would “huff and puff and blow your house down” before acting on his threat. When it comes to vulnerability and risk, the straw house is about 90% vulnerable to being destroyed, the stick house about 40% vulnerable, while the sturdy brick house is 0% vulnerable — which also means that it’s 0% at risk.

What’s the moral of the Three Little Pigs story? Put simply, you can fix vulnerabilities. You simply have to test for and resolve them regularly. You can also manage risks by analyzing and addressing the most urgent challenges first, because if you don’t apply effective security fixes as early as possible, you risk exposing an asset’s vulnerabilities to more threats and risk.