In this article, I will use layman’s terms and descriptions to help you understand the various fundamental concepts of Risk Management in Information Security. To illustrate those concepts, I like to use a popular diagram from Common Criteria, shown below:

In the center of this diagram you’ll find the term vulnerabilities. Vulnerabilities are any weaknesses [...]