Asset-Based vs. Threat-Based Risk Management

Asset-based risk management focuses your vulnerability efforts on the most critical systems – those most valuable to the enterprise while a threat-based approach focuses instead on the vulnerabilities most likely to be exploited. Are these mutually exclusive? And what about the recent ransomware attacks that typically leveraged low-value systems with easy-to-exploit vulnerabilities?
This video explores these two approaches and gives some ideas on how to use both techniques together in your overall strategy.