Security threat
Any action/inaction that could cause disclosure, alteration, loss, damage or unavailability of a company’s/individual’s assets.
In computer security, a threat is a possible danger that might exploit a vulnerability to breach security and therefore cause possible harm.
A threat can be either "intentional" (i.e. hacking: an individual cracker or a criminal organization) or "accidental" (e.g. the possibility of a computer malfunctioning, or the possibility of a natural disaster such as an earthquake, a fire, or a tornado) or otherwise a circumstance, capability, action, or event.
A potential cause of an incident that may result in harm to systems and the organization.
A more comprehensive definition, tied to an information assurance point of view, can be found in "Federal Information Processing Standards (FIPS) 200, Minimum Security Requirements for Federal Information and Information Systems" by NIST of the United States of America.
Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability.
There are three components of threat:
> Targets: an organization’s assets that might be attacked
- information (its confidentiality, integrity, availability), software, hardware, network service, system resource, etc.
> Agents: people or organizations originating the threat, intentional or non-intentional
- employees, ex-employees, hackers, commercial rivals, terrorists, criminals, general public, customers.
> Events: type of action that poses the threat
- misuse of authorized information, malicious / accidental alteration of information, malicious / accidental destruction of information, etc.
Very interesting information, it helped me a lot, thank you