Dis
1
Attack: any attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset.[1]
Threat: Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability.[2]
In my opinion, threat can cause damage unconsciously and deliberately. But attack must be implemented on purpose. It also means that threat can result from people as well as other kinds of power and when the safety of Information security faces the threat of other power, people’s control is always limited. But attack must comes from people and can be prevented by people.
Take myself as example, I used to like reveal my private information with the help of some social tools or websites and I didn’t realize that these acts were threats. Until one day, my computer was attacked by someone and he got these information and caused some loss to me. The other example is that two months ago, it was still summer and the temperature was really high. When my friend was playing computer games, the CPU suddenly broken down because of it was too hot.
References:
[1] Free download of ISO/IEC 27000:2009 from ISO, via their ITTF web site.
[2] Federal Information Processing Standards (FIPS) 200, Minimum Security Requirements for Federal Information and Information Systems.

2. study the various attack methods can help people have a deeply understanding of hackers’ means so as to resist their attack and protect their computer, even the society’s computer security. Besides, if we use the attack methods to