6. Vulnerability Types Flashcards
Vulnerability impact
Vulnerability impact
Vulnerabilities expose organizations to security breaches.
Information security goals
Vulnerability impact
Confidentiality, integrity, and availability.
Confidentiality
Vulnerability impact
Unauthorized changes, hacker alterations, service disruption.
Integrity
Vulnerability impact
To prevent unauthorized changes to information.
Availability
Vulnerability impact
Authorized access, denial of service attacks.
Financial risk
Vulnerability impact
Costs, incident response, data theft, identity theft.
Reputational risk
Vulnerability impact
Negative publicity, loss of goodwill, stakeholder decisions.
Strategic risk
Vulnerability impact
Impact on goals and objectives, product development, competition.
Operational risk
Business process slowdown, customer order delays, manual workarounds.
Compliance risk
Vulnerability impact
Legal and regulatory violations, HIPAA, sanctions, fines.
Evaluating impacts
Vulnerability impact
Categorizing risks, financial, reputational, strategic, operational, compliance.
Supply chain vulnerabilities
Supply chain vulnerabilities
IT organizations rely on external vendors for hardware, software, and services.
Impact on organizations
Supply chain vulnerabilities
Security issues in the supply chain can affect organizational operations.
End-of-life announcements
Supply chain vulnerabilities
Security professionals must monitor vendor announcements about product lifecycle terminations.
Importance of patch management
Supply chain vulnerabilities
Timely patch updates protect systems against new vulnerabilities.
Running products without patches
Supply chain vulnerabilities
End-of-life announcements mean no more patches, making it difficult to maintain secure systems.
Different terms for product support termination
Supply chain vulnerabilities
Terminology varies among vendors; understanding definitions is crucial.
Steps in product lifecycle termination
Supply chain vulnerabilities
Product end-of-sale and end-of-support announcements mark different stages.
Risks of using legacy products
Supply chain vulnerabilities
Legacy products may introduce unpatchable vulnerabilities.
Informal lack of vendor support
Supply chain vulnerabilities
Lack of vendor support can be as dangerous as running an unsupported product.
Vulnerabilities in embedded systems
Supply chain vulnerabilities
Integrated vendor systems may have hidden vulnerabilities.
Risks of relying on vendors for cloud services
Supply chain vulnerabilities
Vendors assume responsibility for managing risks in cloud services.
Importance of vendor viability
Supply chain vulnerabilities
Ensuring vendors remain viable is crucial for sustained support and security.
Mitigating risks in data storage
Supply chain vulnerabilities
Keeping independent backups reduces the risk of vendor inability to provide data access.
