1: Security principles - risk management process Flashcards
1
Q
threat
A
person or thing that takes action to exploit (or make use of) a target organization’s system vulnerabilities, as part of achieving or furthering its goal or objectives.
2
Q
typical threat actors
A
- INSIDERS(either deliberately, by simple human error, or by gross incompetence).
- OUTSIDE individuals or informal groups (either planned or opportunistic, discovering vulnerability).
- Formal entities that are nonpolitical (such as business COMPETITORS and cybercriminals).
- Formal entities that are political (such as TERRORISTS, nation-states, and hacktivists).
- Intelligence or INFORMATION GATHERERS (could be any of the above).
- TECHNOLOGY (such as free-running bots and artificial intelligence , which could be part of any of the above).
3
Q
Threat Vector
A
The means by which a threat actor carries out their objectives.
4
Q
A