1.6 Explain the security concerns associated with various types of vulnerabilities Flashcards
Newly discovered attacks for which there is no specific defense available from the vendor of the vulnerable product.
Zero day attacks
Increases the risk of data loss, data leakage, and overall system compromise when this is allowed to remain while a system is in active productive use.
Misconfiguration/weak configuration
A risk management tool that can protect a company against the failure of a third-party software developer.
Software escrow agreement (SEA)
The risks incurred when an organization depends on custom-developed software or software products produced through outsourced code development.
Outsourced code development risks
The risks incurred when working with a third-party data storage entity. Requirements must be defined in the SLA. Control over uploaded, backup, and archival data is maintained by encrypting it before it is transferred to the third-party storage solution.
Data storage risks
Can include, but are not limited to, data loss/breach/exfiltration, identity theft, and financial, reputation, and availability loss.
IT/IS impacts