Risk Flashcards
Impact combined with likelihood gives rise to ______
Risk
Threats and vulnerabilities help determine the likelihood of what?
An impact occurring
Allows organisations to discover and share threat and vulnerability information
Threat intelligence and sharing
What are WARPs?
Warning, Advice & Reporting Points
What are CERTs?
Computer Emergency Response Teams
What are WARPs and CERTs?
Freely available sources
What is threat categorisation?
Understanding the difference between different types of threats, such as accidental, deliberate, internal and external threats, and anticipating that threats may arise from unexpected sources
What are accidental threats?
Hazards, which are generally environmental in nature, e.g. pandemics, human errors, simple failures of systems and software; fire, floods and power failures. Accidental threats are frequently things that the organisation cannot avoid; it must anticipate them and be prepared to deal with them
What are deliberate threats?
Hacking; malicious software, sabotage, e.g. DDoS attacks and cyber terrorism, whether by individual groups or nation states; high-tech crime, either by individuals, corporations or criminal gangs. Again, anticipation is the key factor.
What are some other sources of threats?
Threats from the Dark Web, vulnerabilities of Big Data and the Internet of Things
What are sources of unintentional threat?
Internal employees and contractors, trusted partners; poor software design, weak procedures and processes, managed services and social media. Unintentional threats are frequently the result of failing to follow procedures or cutting corners in order to save time and effort
What are sources of deliberate threat?
Internal (possibly disgruntled) employees and contractors, random attackers, targeted attackers, especially where there is a strong motive. Part of the art of risk management is understanding the likely motivations of attackers, which leads to improved risk assessment and the introduction of more appropriate controls
What is Vulnerability categorisation?
Weaknesses or design failures in both software and hardware, location of or poor design of buildings and facilities, people who may be susceptible to coercion, and undocumented, poorly written or unenforced procedures. As with threats, it is important to think outside the box to identify possible vulnerabilities
What are some examples of specific vulnerabilities?
Personal computers, laptops, handheld devices such as tablets and smartphones, uncontrolled ‘Bring Your Own Device’ usage, system servers, network devices, wireless systems, web servers and email systems
What contributes to overall risk?
Threat, Vulnerabilities & Asset Values