Lecture 14

Question 1

What is a risk in the context of information security?

Answer 1

Risk is the potential for loss, expressed as the probability that a threat will exploit a vulnerability with a harmful result.

Question 2

What is the primary goal of risk management?

Answer 2

To reduce risk to an acceptable level.

Question 3

What are the key components of risk analysis?

Answer 3

• Identifying threats
• Evaluating likelihood
• Assessing damage cost
• Analyzing countermeasure costs

Question 4

Define ‘asset’ in risk management.

Answer 4

A system resource that has value and requires protection.

Question 5

What is a vulnerability?

Answer 5

A weakness in an asset’s design, implementation, or management that could be exploited.

Question 6

How do you calculate risk in quantitative risk analysis?

Answer 6

Risk = Probability of Threat × Impact Cost

Question 7

What is qualitative risk analysis?

Answer 7

A risk analysis approach based on expert judgment rather than numerical values.

Question 8

What are the four risk treatment strategies?

Answer 8

• Risk acceptance
• Risk avoidance
• Risk transfer
• Risk reduction

Question 9

What is the ‘Defense in Depth’ strategy?

Answer 9

A security strategy using multiple layers of defense mechanisms.

Question 10

Name the three main security goals.

Answer 10

• Confidentiality
• Integrity
• Availability

Question 11

What are examples of security controls?

Answer 11

• Encryption
• Access controls
• Firewalls
• Intrusion detection systems

Question 12

What is non-repudiation in security?

Answer 12

Assurance that an entity cannot deny having performed an action.