The first factor is vulnerability the second factor is threat and the third is risk so let me tell you about the three of them a little bit so first on the list of actual calculation is we have 



Vulnerability

So a vulnerability refers to a known weakness of an asset that can be exploited by one or more attackers in other words it is a known issue that allows an attack to be successful.

 For example

    When a team member resigns and you forgot to disable their access to external accounts change logins or remove their names from the company credit cards this leaves your business open to both unintentional and intentional threats however most vulnerabilities are exploited by automated attackers and on a human typing on the other side of the network next testing for vulnerabilities is critical to ensuring the continuity of your systems by identifying weak points and developing a strategy to respond quickly here are some questions that you ask when determining your security vulnerabilities so you have questions like is your data backed up and stored in a secure off-site location is your data stored in the cloud if yes how exactly is it being protected from cloud vulnerabilities what kind of security do you have to determine who can access modify or delete information from within your organization next like you could ask questions like what kind of antivirus protection is in use what are the license currents are the license current and is it running as often as needed also do you have a data recovery plan in the event of vulnerability being exploited so these are the normal question that one asks when actually checking their vulnerability next up is

Threat

    A threat refers to a new or newly discovered incident with potential to do harm to a system or your overall organization there are three main types of threat national threats like floods or tornadoes unintentional threats such as employee mistakenly accessing the wrong information and intentional threats there are many examples of intentional threats including spyware malware adware companies are the actions of disgruntled employees in addition worms and viruses are categorized as threats because they could potentially cause harm to your organization through exposure to an automated attack as opposed to one perpetrated by human beings although these threats are generally outside of one's control and difficult to identify in advance it is essential to take appropriate measures to assess threats regularly here are some ways to do so and sure that your team members are staying informed of current trends in cybersecurity so they can quickly identify new threats they should subscribe to blogs like Y owed and podcasts like the tech jinx extreme IT that covers these issues as well as joined professional associations so they can benefit from breaking news feeds conferences and Vimanas you should also perform regular threat assessment to determine the best approaches to protecting a system against a specific threat along with assessing different types of tech in addition penetration testing involves modeling real-world threats in order to discover pollen abilities next on the list we have

 Risk 

so risk refers to the potential for loss or damage when a threat exploits a vulnerability examples of risks include financial losses as a result of business disruption loss of privacy reputation or damage legal implications and can even include loss of life risk can also be defined as follows which is basically threat x the vulnerability you can reduce the potential for risk by creating and implementing a risk management plan and here are the key aspects to consider when developing your risk management strategy firstly we need to assess risk and determine needs when it comes to designing and implementing a risk assessment framework it is critical to prioritize the most important breaches that need to be addressed all the frequency may differ in each organization this level of assessment must be done on a regular recurring basis next we also have to include a total stakeholder perspective stakeholders include the business owners as well as employees customers and even vendors all of these players have the potential to negatively impact the organization but at the same time they can be assets in helping to mitigate risk so as we see risk management is the key to cyber security.