What is a threat (in cybersecurity)?
A threat is any circumstance or event with the potential to adversely affect an organization's operations, assets, or people through an information system — for example via unauthorized access, disclosure, modification, or denial of service.
What it means
NIST frames a threat as the potential source of harm to a system. A threat differs from a vulnerability: the vulnerability is the weakness, the threat is what might exploit it (such as an attacker, malware, or even a natural event). Identifying and analyzing threats is part of risk assessment and security-operations work.
Sources
- National Institute of Standards and Technology — NIST CSRC Glossary: https://csrc.nist.gov/glossary
Citation Ledger
| ID | Supports | Evidence | Source |
|---|---|---|---|
| CIT-01 | Definition source for What is a threat (in cybersecurity)? | Official source page | National Institute of Standards and Technology — NIST CSRC Glossary |