(1)Identify Threats Flashcards

1
Q

How do organizations start their risk assessment process?

A

Organizations start off the risk assessment process by figuring out what threats exist in their system, environment, locations, etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What four categories of threats does NIST identify that an organization might face?

A

The four threats are

1.Adversarial Threats
2.Accidental Threats
3.Structural Threats
4.Environmental Threats

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are adversarial threats?

A

Adversarial Threats are people, groups, and orgs that try to intentionally bypass or damage an organizations security system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What do adversarial threats include?

A

Adversarial threats include people inside the company, competing people or people groups, partners, people or components of the supply chain, and others.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What should analysts consider when reviewing an adversarial threat?

A

Analysts should consider skills of the actor, what their goal is, and how likely that they will target the org.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are accidental threats?

A

Accidental threats happen when people doing their everyday work do something that hurts security.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

When reviewing accidental threats, what should an analyst consider?

A

The analyst should consider all of the possible effects that could happen to the org as a result of the threat.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What are structural threats?

A

Structural threats happen when equipment, programs, or environmental controls don’t do their job.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are some examples of structural threats?

A

Structural threats could include:

-Resources running out (no more fuel)

-The operational ability being overtaxed (such as a computer falling off a desk)

-Failing due to being too old

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Where can structural threats originate?

A

Structural threats could originate from:

-Technology pieces (computers, network devices, etc.)

-Software (Operating systems, applications)

-Environmental components (power, heating and cooling systems)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What can environmental threats include?

A

Environmental threats could include disasters that are caused by humans or nature that the organization cannot foresee, such as:

-Flood
-Storm
-Power Failures
-And more

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What do security analysts need to consider when investigating environmental threats?

A

Security Analysts should consider the events that are most likely to happen in their region (example, if they are in a desert, they probably don’t need to plan for blizzards)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is a good comparative best practice for an organization when completing a risk assessment?

A

A good best practice is to get copies of risk assessments that are done by other organizations as a beginning point for their own review.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly