Answer:
I dont think that these four do not need because When we are discussing risk management, you can examine domains separately. Each domain represents a specific target. Some attackers have the skill they focus on the User Domain. Other attackers may be experts in particular applications, so they focus on the System/Application Domain. Similarly LAN and Workstation Domain.
Explanation:
When a threat exploits a vulnerability it is a loss. The impact determine the severity of the loss. A threat is potential to cause a loss. Threat as any activity represents a possible danger. Threats cannot be destroyed, but they controlled. Threats have independent probabilities.For example, an attacker attacking Web servers hosted on Apache. There is a company that can stop this attacker from trying to attack. A company can reduce or eliminate vulnerabilities . Threats are exploit vulnerabilities that result in the loss of confidentiality, integrity, or availability of a business asset. In other words, risks to confidentiality, integrity, or availability represent potential loss to an organization. Because of this, a significant amount of risk management is focused on protecting these resources.
