Search

Home >> Knowledgebase >> CCNA Security >> Enterprise Risk Management - Key Definitions

Enterprise Risk Management - Key Definitions

Business world is ever evolving. Many key business factors are complex in nature and unpredictable. Network Security and Enterprise Risk Management (ERM) are related. If Network Security measures are implemented properly, enterprise risks can be avoided to a large extent.

Risk assessment provides a mechanism for identifying which risks represent opportunities and which represent potential pitfalls. Enterprise risk assessments and proper security measures provide more clear view about internal or external business risks.

Key technical terms which Network Security administrators must know are 1) Asset, 2) Vulnerability, 3) Exploit, 4) Threat, 5) Attack, 6) Risk and 7) Countermeasures.

1) Asset: Asset is anything which the organization is invested and which is valuable to the organization. Examples: Properties, Vehicles, Heavy Equipments, Plants, Buildings, Employees, Computers, Data, Intellectual Properties etc. Protecting the organization's assets is the prime function of security (physical security or network security).

2) Vulnerability: Vulnerability can be defined as an exploitable weakness in a system or its design. Every system is human created. Chances for errors, mistakes are always there in every human created systems. Vulnerabilities are always there in Applications, Network Protocols, Operating Systems etc. Vulnerability can be exploited by an attacker to gain access to an organization's network.

3) Exploit: An Exploit can be defined as a way, method or tool which is used by an attacker, on a vulnerability, to cause damage to the target network or system. The exploit can be software that may cause a buffer overflow or a method of social engineering to hack a password.

4) Threat: Threat can be defined as anything danger to an Asset. Threats can be accidentally triggered or intentionally exploited.

5) Attack: Attack can be defined as action taken by an attacker to harm an asset.

6) Risk: The term "Risk" can be defined as potential for loss, compromise, damage, destruction or other negative consequence of an organization's Asset. Risk arises from a threat, multiple threats, exploiting vulnerability. Risk forms an adverse negative impact on an organization's Asset.

Risk = Asset + Threat + Vulnerability

7) Countermeasure: Countermeasure is an action initiated by the organization (typically security professionals) to mitigate a threat.

<< Primary Goals of Network Security
Network Threats and Countermeasures >>
Related Tutorials