September 14, 2021

“Glass Window” analogy to explain the concept of an Attack Surface, Vulnerability, Threat, Threat Actor, Exploit and Risk to non-tech/cybersecurity people.

Today I came up with an analogy to explain the concept of an Attack Surface, Vulnerability, Threat, Threat Actor, Exploit and Risk to non-tech/cybersecurity people.

I call this explanation the “**Glass Window Analogy**” and it goes like this:

> Suppose you have a glass window in your workspace with a small crack in the corner.

* The whole surface of the glass panel exposed to the outside world is an **ATTACK SURFACE**.
* The small crack in the corner is a **VULNERABILITY** that can cause the panel to shatter.
* If you bring a small stone into this scenario, that stone is a **THREAT** to the window, as it can **EXPLOIT** the ‘crack vulnerability’ to shatter your glass panel if it hits the panel near the crack.
* The person who throws that stone is the **THREAT ACTOR**.
* The **RISK** is the possibility of your or someone else’s action causing damage to your window. For example, “playing with a bouncy ball near a cracked glass panel” is a *High-Risk* activity, while “flying a paper aeroplane near a cracked glass window” is a *Low-Risk* one.

Of course, this is not perfect; feel free to suggest modifications or enhancements in the comments :)
