Chapter 2 Flashcards
Likelihood
Likelihood of occurrence quantifies the probability of a threat materializing, considering factors such as intent, capability, targeting, and its potential to cause harm.
Likelihood Assessment Process
Organisations follow a three-step process: evaluating the likelihood of a threat event, evaluating the potential harm it could cause, and combining these assessments to gauge the overall likelihood of the threat’s impact.
Threat-Vulnerability Pairing
Threat-vulnerability pairing involves identifying and linking particular threats to vulnerabilities within a system.
Challenges in Threat-Vulnerability Pairing
Challenges include dealing with numerous threats and vulnerabilities, a lack of useful detail, multiple weaknesses for a single threat, and cases where no effective security controls exist.
Threat Shifting
Threat shifting occurs when attackers change their strategies after seeing that the organisation has implemented more security controls.
Uncertainty
Dealing with unknowns in risk assessment.
Risk Assessment Methodology
A risk assessment methodology comprises a well-defined process, risk model, assessment approach, and analysis approach.
Timeframe in Risk Assessment
Risk assessments adapt to the timeframe available for planning investment decisions and policy changes.
Complexity in Risk Assessment
When things get complicated, we use different risk assessment methods that fit the organization’s unique situation and the specific risks we’re dealing with.
Development Stage in Risk Assessment
The point at which a system is being created or developed affects how we look at risks, making sure we deal with them at the right times during the development process.
Risk Model
Risk models are like blueprints that help us understand and measure risk. They define risk factors and relationships.
Risk Factors
Risk factors include threats, vulnerabilities and impacts, shaping the risk landscape within a system and their potential consequences.
Relationships in Risk Models
Risk models illustrate the intricate relationships between factors like likelihood and impact, providing insights into how these elements interact within a risk context.
Threat Event
A threat event signifies the realisation of a threat.
Threat Source
Threat sources can be individuals, situations, or technical anomalies that have the potential to introduce harmful elements into an organisation’s environment.