The Definition of Threat

Based on ISO 31000 (risk is the “effect of uncertainty on objectives”), the NIST Generic Risk Model, and the risk metalanguage proposed by Dr. David Hillson, I define a threat as follows:

A threat is a risk with a negative effect, as a threat source may initiate a threat event to exploit vulnerabilities and, if it happens, cause an adverse impact on the security objectives.

