Lesson 1

Question 1

Threat

Answer 1

Potential Danger

Question 2

Vulnerability

Answer 2

A weakness

Question 3

Threat actor

Answer 3

adversary with malicious intent

Question 4

Exploit

Answer 4

When a threat actor successfully takes advantage of a vulnerability

Question 5

Controls

Answer 5

Tactics or mechanisms or strategies to proactively minimize risks

Question 6

3 ways controls minimize risks

Answer 6

Reduce or eliminate
1) vulnerability
2) likelyhood a threat actor will be able to exploit a vulnerability
3) impact of an exploit

Question 7

Countermeasures

Answer 7

controls implemented to adress a specific threat. Reactive and more effective, but less broadly efficient (example: block specific IP)

Question 8

Functionality

Answer 8

what a control does

Question 9

effectiveness

Answer 9

how well control works

Question 10

Assurance

Answer 10

measure of confidence measured controls are effective

Question 11

control objective

Answer 11

statement of desired result/purpose to be achieved by implementing a control or set of controls

Question 12

Defense-in-Depth
(layered security)

Answer 12

design and implementation of multiple overlapping layers of diverse controls

Question 13

security control baseline

Answer 13

minimum standards for a given environment

Question 14

scoping

Answer 14

elimining unnecessary baseline recommendations

Question 15

tailoring

Answer 15

customizing baseline recs to align with organizational requirements

Question 16

Compensating

Answer 16

substituting a recommended base control with a similar control

Question 17

supplementing

Answer 17

augmenting to base recommendations

Question 18

Cost-benefit analysis

Answer 18

process of comparing estimates costs & benefits