Vulnerabilities Trump Threats Maxim: If you know the vulnerabilities (weaknesses), you’ve got a shot at understanding the threats (the probability that the weaknesses will be exploited, how, and by whom). Plus you might even be ok if you get the threats all wrong. But if you focus only on the threats, you’re probably in trouble.
Comment: It’s hard to predict the threats accurately, but threats (real or imagined) are great for scaring an organization into action. It’s not so hard to find the vulnerabilities if you really want to, but it is usually difficult to get anybody to do anything about them. Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory