ABSTRACT

This chapter explores some fundamental concepts of cyber security. The term 'cyber security risk' refers to the relationship between the frequency and impact of an attack, normally measured during a 'risk assessment', which is in part a quantification exercise. Manifest risks are those that are assessed on the basis of an attack or threat having had a proven frequency and impact in the past. Information security risk refers to threats that impact information assets. Typical causes of information security risks include natural, deliberate or accidental occurrences; harmful events may include malware attacks, hacking attacks and 'flooding' attacks, while typical effects encompass data breaches, loss of service and brand damage. Threat actors are the agents that cause a threat to act upon a target. Vulnerabilities are the weaknesses exploited by an attacker; gaps in controls are examples of vulnerabilities. The action of squeezing the 'risk balloon' reduces risks, or it forces threats and risks to evolve.