Abstract
Perhaps some of the biggest security problems facing all of us using computers and other information systems are the security threats and vulnerabilities that an average computer user has little to no idea about. Even those who have some knowledge of these threats are still in the dark as to how prepare for and avoid them. The focus of this chapter is to explain what these are and how to deal with them in our everyday activities. A security threat to a computing system is a set of events that do not actually exist yet, but are likely to happen, with the potential to cause harm or loss. For example, heavy sustained rain in areas prone to flooding creates a threat of flooding. A vulnerability, on the other hand, is a flaw or weakness currently existing in the system, the security procedures, design, or implementation that could be exploited intentionally or accidentally, resulting in a loss or harm. For example, a broken lock on a door is a vulnerability, because, if known by a thief, it can be exploited to enter the house and cause a loss to property. Finally, a control is a mechanism used to prevent a threat by controlling the vulnerabilities. For example, buying a new lock and replacing the broken lock on the door with it is a control.