Security

Question 1

What is the security triad?

Answer 1

C - Confidentiality means that resources are accessible only to authorized individuals.
I - Integrity means that resources should not be improperly changed
A - Availability, meaning that the resources are available when needed

Question 2

What is a vulnerability?

Answer 2

Vulnerability is a weakness in a resource that exposes it to harm. Examples:

-Poor physical security
-Untrained users
-Improperly configured or installed hardware or software, design flaws

Question 3

What is a threat?

Answer 3

Any event or action that could cause harm. Examples:

-Malware
-Attackers
-Employee mistakes

Question 4

What is impact?

Answer 4

It’s the damage caused when the threat exploits the vulnerability. Examples:

-Data loss
-Financial loss
-Damage to the company’s reputation?

Question 5

Risk

Answer 5

Is the probability or likelihood that a threat exploiting a vulnerability and the corresponding impact

Question 6

Risk Appetite

Answer 6

Is the company’s comfort level regarding risk

Question 7

Residual Risk

Answer 7

Is the risk left over when you’ve done everything that you’re going to do to address risks.

Question 8

Risk Avoidance

Answer 8

When you abandon the risky behavior

Question 9

Risk Mitigation

Answer 9

When you implement controls to reduce risk

Question 10

Risk Transference

Answer 10

When you transfer the risk to a third-party and the classic example is insurance.

Question 11

Risk Acceptance

Answer 11

When you continue the risky behavior without implementing controls