CISSP Exam Guide Notes: 1.2 Security Definitions – Author: buckxu

Because the formatting on FB is so poor, please see the link on my official account: CISSP Exam Guide Notes: 1.2 Security Definitions

A vulnerability is a weakness in a system that allows a threat source to compromise its security.
A threat is any potential danger that is associated with the exploitation of a vulnerability.
The entity that takes advantage of a vulnerability is referred to as a threat agent.
A risk is the likelihood of a threat source exploiting a vulnerability and the corresponding business impact.
An exposure is an instance of being exposed to losses.
A control, or countermeasure or safeguard, is put into place to mitigate (reduce) the potential risk.

Applying the right countermeasure can eliminate the vulnerability and exposure, and thus reduce the risk.

Source: freebuf.com 2020-12-12 21:30:19 by: buckxu
