Author: Gabriel Mandefu, Operational Business Analyst, Tenke Fungurume Mining S.A.R.L.
Some of the key concepts in the information security world have two aspects: technical, which refers to use of technology-based methodology to secure your business, and non-technical, which refers to the governance aspect of the security of a company. Risk and vulnerability assessment are part of those concepts. These terminologies are taught no matter which career path you choose in InfoSec. Tons of free material are available online, as well as formal training courses on this subject. However, as with any business, the audience is the first consideration. Those material are written with a target reader/student in mind. Hence, most of the time, just one aspect of the concept is emphasized.