From the course: Advanced Threat Modeling and Risk Assessment in DevSecOps
Threats, vulnerabilities, and impact
- [Instructor] In this lesson, we're diving into three critical concepts that sit at the heart of effective risk assessment in DevSecOps: threats, vulnerabilities, and impact. First, what exactly is a threat? A threat is any potential danger that could exploit a vulnerability to harm your assets or operations. It can come from various sources: cybercriminals, insider threats, natural disasters, or even accidental human errors. Threats are the who or what that might attack you. In DevSecOps, threats could target everything from your cloud infrastructure to your code repositories to your CI/CD pipeline. Now let's talk about vulnerabilities. A vulnerability is a weakness or a flaw that could be exploited by a threat. It's what makes an attack possible. Think of vulnerabilities as the how. They are the pathways that threats use to cause harm. These might include unpatched software, misconfigured servers, or insecure coding practices. Literally, vulnerabilities are everywhere, especially…