COMPARTILHAR

Fonte: IAPP

The news is filled with stories nearly every day of things going awry in technical systems: security, privacy, abuse, ethics and more. Yet one of the most important distinctions — the difference between a vulnerability and an incident — is often overlooked.

  • A vulnerability is an issue with a system in which an adversary could potentially gain unauthorized access to data or systems or otherwise make those systems act in a way that is not respectful of users.
  • An incident is when someone has taken advantage of a vulnerability, whether purposefully or not.

In short, a vulnerability holds the potential for harm; an incident is where harm has occurred.

In some cases, the system operators won’t know if there was an incident when they find a vulnerability. There might not have been enough logging, or that logging might not have been secure enough to prevent an attacker from blocking or removing it.

Clique aqui e leia a matéria completa.

DEIXE UMA RESPOSTA

Deixe o seu comentário
Por favor, insira o seu nome