Definitions

Question 1

Vulnerability

Answer 1

A weakness in a device, system, application or process that might allow an attack to take place. They are internal factors that can be controlled by cyber pros.

Question 2

Threat

Answer 2

An outside force that may exploit a vulnerability

Question 3

Risk

Answer 3

The combination of a threat and a corresponding vulnerability.

Risk = Threat x Vulnerability

Both of these factors must be present before a situation poses a risk to the security of an organization.

Question 4

Adversarial Threat

Answer 4

Individuals, groups, and organizations that are attempting to deliberately undermine the security of an organization. When evaluating an adversarial threat, cyber pros should consider the capability of the threat actor to engage in attacks, the intent of the threat actor, and the likelihood that the threat will target the organization. Adversarial threats can also include insider, as well as external threats.

Question 5

Accidental Threat

Answer 5

These occur when individuals doing their routine work mistakenly perform an action that undermines security.

Question 6

Structural Threat

Answer 6

These occur when equipment, software, or environmental controls fail due to the exhaustion of resources, exceeding their operational capabilities, or simply failing due to age.

Question 7

Environmental Threats

Answer 7

These occur when natural or man-made disasters occur that are outside of the control of the organization.

Question 8

Technical Controls

Answer 8

Systems, devices, software, and settings that work to enforce confidentiality, integrity, and availability requirements.

Question 9

Operational Controls

Answer 9

Practices and procedures that bolster cybersecurity.