03. Vulnerability and Control Deficiency Analysis

Question 1

Vulnerability and Control Deficiency Analysis

Any weakness in a system that permits an attacker to compromise a target process or system successfully

Answer 1

Vulnerability

• not the attack vector or technique

142

Question 2

Vulnerability and Control Deficiency Analysis

The attack vector or technique that could be used to exploit a vulnerability

Answer 2

Threat

143

Question 3

Vulnerability and Control Deficiency Analysis

Vulnerabilities usually take one of the following forms

Answer 3

1. Configuration fault
2. Design fault
3. Known unpatched weakness
4. Undisclosed unpatched weakness
5. Undiscovered weakness

143

Question 4

Vulnerability and Control Deficiency Analysis

Vulnerabilities exist everwhere. Security managers should consider that every component of every type system has both known and unknown vulnerabilities. Common places where vulnerabilities exist

Answer 4

1. Network Devices
2. Operating systems
3. Database Management Systems
4. Software Applications
5. Physical Security
6. Business Processes
7. Personnel

144

Question 5

Third Party Vulnerability Identification

Organisations typically outsource at least part of their Software or IT operation. Organisations fail to thoroughly understand the…

Answer 5

Security Responsibility Model

• Fail to understand which poritions of security are their responsibility and which are managed

144