MD1 Understand risks, threats, and vulnerabilities Flashcards

1
Q

Risk

A

Anything that can impact the confidentiality, integrity, or availability of an asset

2
Q

Threat

A

Any circumstance or event that can negatively impact assets

3
Q

Vulnerability

A

A weakness that can be exploited by a threat

4
Q

Security risk

A

One way to interpret risk is to consider the potential effects that negative events can have on a business. Another way to present this idea is with this calculation:

Likelihood x Impact = Risk

For example, you risk being late when you drive a car to work. This negative event is more likely to happen if you get a flat tire along the way. And the impact could be serious, like losing your job. All these factors influence how you approach commuting to work every day. The same is true for how businesses handle security risks.

In general, we calculate risk in this field to help:

  • Prevent costly and disruptive events
  • Identify improvements that can be made to systems and processes
  • Determine which risks can be tolerated
  • Prioritize the critical assets that require attention

The business impact of a negative event will always depend on the asset and the situation. As a security professional, your primary focus will be the likelihood side of the equation: dealing with the factors that increase the odds of a problem.

5
Q

Risk factors

A

As you’ll discover throughout this course, there are two broad risk factors that you’ll be concerned with in the field:

  • Threats
  • Vulnerabilities

The risk of an asset being harmed or damaged depends greatly on whether a threat takes advantage of vulnerabilities.

Let’s apply this to the risk of being late to work. A threat would be a nail puncturing your tire, since tires are vulnerable to running over sharp objects. In terms of security planning, you would want to reduce the likelihood of this risk by driving on a clean road.

6
Q

Categories of threat

A

Threats are circumstances or events that can negatively impact assets. There are many different types of threats. However, they are commonly categorized as two types: intentional and unintentional.

7
Q

Categories of threat

  1. Intentional

A

An intentional threat might be a malicious hacker who gains access to sensitive information by targeting a misconfigured application.

8
Q

Categories of threat

  1. Unintentional

A

An unintentional threat might be an employee who holds the door open for an unknown person and grants them access to a restricted area.

9
Q

Categories of vulnerability

A

Vulnerabilities are weaknesses that can be exploited by threats. There’s a wide range of vulnerabilities, but they can be grouped into two categories: technical and human.

10
Q

Categories of vulnerability

  1. Technical

A

A technical vulnerability can be misconfigured software that might give an unauthorized person access to important data.

11
Q

Categories of vulnerability

  1. Human

A

A human vulnerability can be a forgetful employee who loses their access card in a parking lot. Either one can lead to risk.

Key takeaways

Risks, threats, and vulnerabilities have very specific meanings in security. Knowing the relationship between them can help you build a strong foundation as you grow essential skills and knowledge as a security analyst. This can help you gain credibility in the industry by demonstrating that you have working knowledge of the field. And it signals to your future colleagues that you’re a member of the global security community.
