Journalists and others sometimes mix up the terms for cybersecurity concepts. The public can pick up these misnomers, resulting in confusion. Confusion during meetings between technology practitioners and management wastes time that could otherwise be used to make progress toward solving a problem (perhaps some of you have sat through a frustrating first half of a meeting where this disconnect was gradually discovered by those present). Some basic vocabulary definitions must be reinforced for cybersecurity practitioners to reduce the confusion that can creep into conversations and meetings. Please write about the concepts listed below and support your definitions and discussions with reference sources that do not confuse the definitions.
For your initial post, discuss the two topics below. Respond to posts from other students.
- Define and differentiate Vulnerability, Risk, and Threat
- Define the term “Zero-Day Exploit” (ZDE). Discuss some recent examples where one or two ZDEs were used to bypass cybersecurity controls to open a hole in vulnerable Critical Infrastructures, SCADA systems, or Industrial Control Systems (ICS) so malicious code could enter to cause disruptive effects. Describe how ZDEs could be used by nation states, criminals, and political extremists.
Background Resources
Wk 1 – Zero Day Exploit
Zero Day Exploit (source)
Wk 1 – Critical Infrastructure Security and Industrial Control Systems
Critical Infrastructure Security and Industrial Control Systems (source)