Many see the terms risk and threat as interchangeable. However in the simplest of terms, risk the probability or frequency of doing harm while threat is the actual or attempted infliction of that harm. Tomato, tomahto? It’s all about keeping your IT assets protected, right?
I was chatting with an IT professional about the benefits of cloud-based security and he kept referring to a recent risk assessment he performed. (And if you haven’t done this lately, you should) But what got the gears in my head turning is how interchangeably he used the terms “risk” and “threat.”
Now on the surface they seem like the same component of security management. I tend to disagree. In its simplest of terms, risk the probability or frequency of doing harm while threat is the actual or attempted infliction of that harm. Tomato, tomahto? Splitting hairs? It’s all about keeping your IT assets protected, right?