Three of the most commonly confused terms are risk, threat, and vulnerability. Mixing up these terms clouds your ability to understand how the latest vulnerability management tools and technologies work, and impedes communication with other security (and non-security) professionals. The distinctions may be fundamental, but they’re also important. Here, we’ll explain what they mean and why they’re important.

In a nutshell, risk is the potential for loss, damage or destruction of assets or data caused by a cyber threat. Threat is a process that magnifies the likelihood of a negative event, such as the exploit of a vulnerability. And a vulnerability is a weakness in your infrastructure, networks or applications that potentially exposes you to threats. So when a threat targets a vulnerability that exists in your IT infrastructure, network or applications, it can result in risk to your assets, data or business. An organization’s risk profile fluctuates depending on internal and external environmental factors.

What is Risk?

It incorporates not just the potential or probability of a negative event, but the impact that event may have on your infrastructure. And though risk can never be 100% eliminated (cybersecurity is a persistently moving target, after all), it can be managed to a level that satisfies your organization’s tolerance for risk. No matter how you deal with it, the end goal remains the same: to keep your overall risk low, manageable and known.

Helping businesses manage cybersecurity risk is the job of vulnerability management (VM) solutions. Traditional VM tends to adopt the “everything is a risk” view, which leaves Security and IT teams scrambling to somehow prioritize and remediate an ever-increasing list of vulnerabilities, many of which don’t actually pose a real danger to the organization.
What separates security jargon from some other types is the preciseness cybersecurity professionals use within their language. To lay people or novices, these terms often blend together and even seem interchangeable. And since cybersecurity has a lot of moving parts, it’s easy for those new to vulnerability management to get them mixed up.
Like any other industry, cybersecurity has its own vernacular. Words matter, especially in cybersecurity vulnerability to help you see how they’re different, and how they’re related. In cybersecurity, risk is the potential for loss, damage or destruction of assets or data. Threat is a negative event, such as the exploit of a vulnerability. And a vulnerability is a weakness that exposes you to threats, and therefore increases the likelihood of a negative event.