1

Threat, Vulnerability & Risk Frameworks

This chapter covers various Threat, Vulnerability & Risk Frameworks relevant to GenAI.

First, we will review the Cybersecurity & Data Privacy Risk Management Model (SCF C|P-RMM), a framework which defines Threats, Vulnerabilities, and Risks, in a way that can be easily extended to GenAI.

The definitions found in SCF C|P-RMM will be used throughout the book, with a focus on diferentiating between Threats to GenAI systems. We will not lose sight of Vulnerabilities and Risks, though, as each Threat will be related to these other two on their individual pages.