Understanding risk is also a vital element of network design. Risk is the chance that a threat will exploit or take advantage of a vulnerability. A threat is something that can cause harm (a hacker, a flood, etc), while a vulnerability is a weakness in a systems (poorly configured firewall, unpatched system, etc). Every time a threat can exploit a vulnerability (threat action), we have a risk. For example, there is a possibility (risk) that a disgruntled employee (threat) could delete sensitive data from the network (threat action) because of poor file system access controls (vulnerability).

Choose a company or industry to examine risk for. If you currently are working, try and use your knowledge of your current company. Determine and list at least 3 risks, threats, vulnerabilities, and threat actions for your company of choice. For each risk, determine how you would mitigate the risk. Mitigation is attempting to lessen the impact or likelihood of a risk occurring.