
Adopting a security mindset

Thu Apr 25 2024 cybersecurityblognotes

A security mindset is the ability to evaluate risk and to constantly seek out and identify potential or actual breaches of a system, application, or data.

Understand the value of the data and assets you protect, and learn from your stakeholders.

Always consider:

  • Threats
  • Risks
  • Vulnerabilities

Threat

Any circumstance or event that can negatively impact an asset.

Common threats include:

  • Insider threats
  • Social engineering, for instance phishing
  • Advanced persistent threats (attackers who maintain access to a system)

Risk

Anything that can impact the confidentiality, integrity or availability of an asset, for example the lack of backup protocols. Risk is often rated as low, medium or high.

A basic formula for determining the level of risk is that risk = likelihood of a threat .

Vulnerabilities

A weakness that can be exploited by a threat. For instance: an outdated firewall, software or application, weak passwords, or even people.

rasmusroy.me © 2024, last updated: Thu, Apr 25, 2024