31 October, 2006

Threats, Vulnerabilities, and Controls

I would be interested in seeing the security blogsphere's take on the relationship between Threats, Vulnerabilities and Controls.

I know that strictly speaking a vulnerability is not the inverse of a control (obviously it is sort of apples and oranges) but there does seem to be a connection.

One of my earlier posts I talked about threat classifications but fleshing it out to include what the environment is like and how to compensate assesments for theat likelyhood vs existing controls would be valuable.

No comments: