Module 1 - 02-2 Flashcards
Navigate threats, risks, and vulnerabilities
Define Asset
An item perceived as having value to an organization
Define Threat
Any circumstance or event that can negatively impact assets
Define Social Engineering
A manipulation technique that exploits human error to gain private information, access, or valuables
Define Phishing
A technique that is used to acquire sensitive data, such as user names, passwords, or banking information
True or False?
Phishing exploits human error to acquire sensitive data and private information.
True
Phishing exploits human error to acquire sensitive data and private information. It is one method of social engineering.
Define Risk
Anything that can impact the confidentiality, integrity, or availability of an asset
How would an organization rate risks at different levels (3)?
Low, medium, and high, depending on possible threats and the value of an asset
Define Low-Risk Asset
Information that would not harm the organization’s reputation or ongoing operations, and would not cause financial damage if compromised
What are examples of Low-Risk Asset (2)?
Public information such as website content, or published research data
Define Medium-Risk Asset
Information that’s not available to the public and may cause some damage to the organization’s finances, reputation, or ongoing operations
What is an example of Medium-Risk Asset (2)?
The early release of a company’s quarterly earnings could impact the value of their stock
Define High-Risk Asset
Information protected by regulations or laws, which if compromised, would have a severe negative impact on an organization’s finances, ongoing operations, or reputation
What are examples of High-Risk Asset (4)?
This could include leaked assets with SPII, PII, or intellectual property
Define Vulnerability
A weakness that can be exploited by a threat
What two factors must be present for there to be a risk?
Both a Vulnerability and a Threat must be present for there to be a Risk
What are examples of Vulnerabilities (4)?
An outdated firewall, software, or application;
Weak passwords;
Unprotected confidential data;
People
Define Ransomware
A malicious attack where threat actors encrypt an organization’s data then demand payment to restore access
What are the Layers of the Web (3)?
- Surface Web
- Deep Web
- Dark Web