Lesson 4 Flashcards
What is Risk?
The possibility or likelihood of a threat exploiting a vulnerability, resulting in the loss, damage, or destruction of an asset.
What is Total/inherent risk?
The totality of all risk before countermeasures/safeguards are applied.
What is residual risk?
The remaining potential risk after all security controls or countermeasures are applied.
What is information security risk?
The risk to an organization’s operations, organizational assets, individuals, and the Nation due to the potential for unauthorized access, use, disclosure, modification, or destruction of information and/or information systems.
What is a threat vector?
It’s the method that an attacker uses to get to a target.
This might be a hacker toolkit, social engineering, or physical intrusion.
What is a threat analysis?
Threat analysis is used to assess an organization’s security protocols to identify threats and vulnerabilities and to gather knowledge of a potential attack.
What is the main objective of cyber threat analysis?
To arrive at answers that help create and support counter-intelligence investigations, leading to the elimination of a threat.
What are the steps in a cyber security threat analysis?
- Identify all network assets
- Collect data from network traffic monitoring
- Trigger
- Investigation
- Response and Resolution
What is likelihood and how is it determined?
The probability that a potential vulnerability may be exploited by a threat.
It’s determined by analyzing the threat to the information system with respect to the potential vulnerability and the adequacy of the security controls that are in place.
What is a vulnerability?
A weakness or gap in a system.
Internal vulnerability scan
These scans target your internal corporate network. They can identify vulnerabilities that leave you susceptible to damage once a cyber attacker or piece of malware makes it to the inside. These scans allow you to harden and protect applications and systems that are not typically exposed by external scans.
External vulnerability scan
These scans target the areas of your IT environment that are exposed to the external internet or are otherwise not restricted to your internal users or systems. They can include websites, ports, services, networks, systems, and applications that need to be accessed by external users or customers.
Compliance scans
These scans check the configuration variables of your system against standard industry baselines like DISA and CIS. Compliance scans can also be customized based on your individual approved system configuration. These scans will highlight any configurations that do not meet industry best practices or your individual configuration baseline.
Credentialed scan
A Credentialed scan is a much safer version of the vulnerability scanner. It provides more detailed information than a Non-Credentialed scan. You can also set up the auditing of files and user permissions.
Non-credentialed scan
A Non-Credentialed scan will monitor the network and see any vulnerabilities that an attacker would easily find; we should fix the vulnerabilities found with a Non-Credentialed scan first, as this is what the hacker will see when they enter your network. For example, an administrator runs a Non-Credentialed scan on the network and finds that there are three missing patches. The scan does not provide many details on these missing patches. The administrator installs the missing patches to keep the systems up to date, as they can only act on the information produced for them.