A vulnerability is a characteristic or specific weakness that renders an organization or asset (such as information or an information system) open to exploitation by a given threat or susceptible to a given hazard. In cyber security specifically, it is a characteristic of location or security posture or of design, security procedures, internal controls, or the implementation of any of these that permit a threat or hazard to occur. Vulnerability (expressing degree of vulnerability): qualitative or quantitative expression of the level of susceptibility to harm when a threat or hazard is realized.
A vulnerability in plain english. If you leave a movie and a mugger jumps out of the bushes to rob you. Whether you’re vulnerable to the threat actor (the Mugger) depends on the weapon they are using and your defensive posture. For example: if the mugger has a knife but you are a black belt in Karate, you may not be vulnerable to the threat. If on the other hand the mugger has a gun and you are not trained in marshal arts of any kind, you may be vulnerable.
Related Term: Weakness, Threat
Source: DHS Risk Lexicon, CNSSI 4009, NIST SP 800-53 Rev 4
Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.
"Being an MSP today is like wearing a neon sign that says, ‘Hack me! I’m the gateway to 100...
Read more
Ever had your phone suddenly lose service for no reason, followed by a flood of “reset your password”...
Read more
As smart homes get smarter, so do their habits of watching, sensing, and reporting. Enter WiFi Motion Detection, a...
Read moreGet sharper eyes on human risks, with the positive approach that beats traditional phish testing.
