Definition: Attacks against information infrastructure may be categorized into two main groups. One is electronic or logic-based (e.g. viruses, Trojan horses). The other is physically based (e.g. someone dropping equipment or pouring water onto delicate circuits). Assaults against a computer information system can be intentional (from internal or external forces) or unintentional, the result of careless employees. Care must be taken to assess and mitigate all threats. Attacks can be called threat vectors.
Its Relevance: Computer systems function in an asymmetric threat environment. Potential damage can come from a variety of sources. One of the more common categories of attack is malicious software (software designed to cause damage). Threats against an information system can also appear in the form of weather phenomena such as tornadoes or hurricanes, or come from electronic disturbances.
Organizations must conduct comprehensive threat assessments against their particular infrastructure and take steps to mitigate potential damage. Together with a vulnerability assessment, this allows a realistic cyber risk profile to be constructed.