1
00:00:00,470 --> 00:00:07,880
So throughout the course, we're going to be using some particular terminology quite often, so it's better

2
00:00:07,880 --> 00:00:13,940
if we just define them upfront and then that way, if you get to know them now, you won't be running

3
00:00:13,940 --> 00:00:15,620
to the glossary every time you come across it.

4
00:00:17,340 --> 00:00:25,050
So here we have the asset: people, property and information. People may include the employees or

5
00:00:25,050 --> 00:00:30,630
the customers, along with other invited persons such as contractors or guests.

6
00:00:31,590 --> 00:00:38,310
Property assets consist of both tangible and intangible items that can be assigned a value.

7
00:00:39,260 --> 00:00:46,130
Intangible assets include reputation as well as proprietary information.

8
00:00:47,610 --> 00:00:54,600
The information itself may include databases, software codes, critical company records and many other

9
00:00:54,600 --> 00:00:55,710
intangible items.

10
00:00:55,980 --> 00:01:00,660
In short, an asset is what we are trying to protect.

11
00:01:02,000 --> 00:01:02,630
Threat.

12
00:01:03,580 --> 00:01:11,260
Anything that could exploit a vulnerability intentionally or accidentally and obtain, damage or destroy

13
00:01:11,260 --> 00:01:11,920
an asset.

14
00:01:12,520 --> 00:01:17,380
In other words, a threat is what we're trying to protect against.

15
00:01:19,150 --> 00:01:27,130
Vulnerability: weaknesses or gaps in a security program that can be exploited by threats to gain unauthorized

16
00:01:27,130 --> 00:01:34,600
access to an asset. A vulnerability is a weakness or gap in our protection efforts.

17
00:01:36,320 --> 00:01:44,930
Risk: the potential for loss, damage or destruction of an asset as a result of a threat exploiting a

18
00:01:44,930 --> 00:01:45,710
vulnerability.

19
00:01:47,160 --> 00:01:51,780
Risk is the intersection of assets, threats and vulnerabilities.

20
00:01:53,130 --> 00:01:57,030
So why is it so important to understand the difference between these terms?

21
00:01:58,330 --> 00:02:04,330
In my opinion, if you don't understand that difference very specifically, you will never understand

22
00:02:04,330 --> 00:02:08,050
the true risk to the assets at stake.

23
00:02:08,890 --> 00:02:17,380
You see, when conducting a risk assessment, the formula used to determine risk is A plus T plus V

24
00:02:17,950 --> 00:02:22,270
equals R. That is, asset plus threat

25
00:02:23,350 --> 00:02:26,890
plus vulnerability equals risk.

26
00:02:28,980 --> 00:02:29,610
Exploit.

27
00:02:30,580 --> 00:02:37,540
Literally, it should be defined as a piece of software or a sequence of commands that takes advantage

28
00:02:37,540 --> 00:02:46,450
of a vulnerability to cause unintended or unanticipated behavior to occur on computer software or hardware.

29
00:02:47,170 --> 00:02:53,710
But I'd like to take a moment to explain it in these words: an exploit is an attack on a computer system,

30
00:02:54,400 --> 00:03:00,340
especially one that takes advantage of a particular vulnerability the system has or is known for.

31
00:03:01,290 --> 00:03:07,740
Used as a verb, exploit refers to the act of successfully making such an attack.