40 Copyright Goodheart-Willcox Co., Inc. Section Vulnerabilities and Threats 2.2 With the key security areas of a business or organization identifi ed, the next steps are to analyze the types of situations and hacks that could affect the security of data that could be impacted. This needs to be done in each of the six security domains. One place to start is to consider the vulnerabilities and threats that could occur. Vulnerability or threat? These two terms are often used interchangeably, but they have different meanings. A vulnerability is a fl aw or potential for harm, while a threat is something that takes the vulnerability to a level that the fl aws can be exploited. Malware represents an ongoing threat to an organization due to user actions and the constant threat and variations of malware that exist. A person’s social media account could be a threat to a business network. Should a business be allowed to tell an employee what can or cannot be posted? p ia account co Key Terms adware armored virus backdoor cookie policy cryptomalware digital footprint drive-by-download dumpster diving fi rmware heuristic methodology keylogger logic bomb macro virus malware payload persistent cookie polymorphic virus pretexting ransomware remote access Trojan (RAT) rootkit secure cookie session cookie social engineering third-party cookie threat time bomb Trojan horse vulnerability zero-day vulnerability Learning Goals • Compare and contrast forms of malware. • Explain vulnerabilities that exist in software. • Identify cybersecurity threats outside of malware.