A threat is any incident that can cause damage to a system and can create a loss of confidentiality, availability, or integrity. Threats can be deliberate or accidental.
A vulnerability is a latent weakness in a system that can be exposed by a threat. Decreasing system vulnerability reduces overall risk and can also limit the impact of threats on the system.
Threats: Threats can be classified into several categories, including malicious activities, accidental loss and inappropriate actions.
Malicious Activities: Malicious activities are deliberate threats, usually carried out for personal gain or to cause destruction. They include software cracking, keyloggers, viruses, shoulder surfing, password guessing, and any other actions that are prohibited, destructive, or done for gain. Also included is theft, which covers swiping of information or trade secrets for profit or unauthorized disclosure, as well as physical looting.
Accidental Loss: Accidental loss is a loss that is sustained involuntarily. It can include input errors and omissions by an operator, or accounting errors introduced into the data through faulty processing procedures.
Inappropriate Activities: Inappropriate activities may not fall into the malicious category but might be grounds for dismissal. These include using organizational systems to store inappropriate content such as pornographic, political, or violent material; sexual or racial harassment; waste of organizational resources; and the abuse of privileges, which includes unauthorized access to information, compromising the confidentiality of sensitive company information.