A specific vulnerability in a system

The likelihood of an attack

A potential danger to an asset, such as data or the network itself

A method used to exploit a vulnerability

The area of the system physically accessible to an attacker

The total number of vulnerabilities in a system accessible to an attacker

The method used to exploit a vulnerability

The likelihood of a threat exploiting a system vulnerability

An exploit that works over the network without prior access to the system

An exploit where the attacker has some type of user or administrative access to the system

An exploit that requires physical access to the system

An exploit where no account on the network is needed

Accepting the risk because it costs less than mitigation

Transferring the risk to a third party, such as an insurance company

Reducing the impact of the risk by taking action to lower it

Eliminating the activity or device that presents the risk

To identify and report vulnerabilities ethically

To commit crimes without personal gain

To violate computer and network security for personal gain or malicious reasons

To work for the government and gather intelligence

Hacktivists

Vulnerability brokers

Script kiddies

Cybercriminals

They protest social and political ideas

They steal government secrets and sabotage networks of foreign entities

They discover vulnerabilities and report them for rewards

They operate small-scale cybercrime networks