Task 2 -- Evaluating Threats and Vulnerabilities Flashcards
What is a threat?
A threat is any verbal or physical conduct that conveys an intent or is reasonably perceived to convey an intent to cause physical harm or to place someone in fear of physical harm.
Categories of Threats
Threats can be divided into two categories:
MANMADE THREATS and NATURAL THREATS
MANMADE THREATS: Evaluation of intentional threats is based on identification and study of potential adversaries. Assessors should think outside the box when listing potential adversaries: not just employees but also terrorist organizations, organized crime groups, aggressive business competitors, and activist groups (such as environmental groups).
In most cases, adversaries can be judged according to their capabilities to cause a loss event (or attack) and their intentions to do so.
NATURAL: Natural threats are typically evaluated using historical trends and statistics. Long-term data is generally collected on weather and other natural hazards for specific geographic areas, terrains, and environments. In some cases, natural hazard effects data has been assembled for particular industry sectors or facility types.
Although this data provides extremely useful planning information, assessors must recognize that the unexpected can and usually does occur. Therefore, comprehensive contingency planning and at least some degree of all-hazard preparedness are strongly recommended by most professionals.
“A security weakness or practice that may facilitate or allow a threat to occur” defines which of the following?
Vulnerability
Vulnerabilities
Vulnerability is the state of being susceptible to harm or injury. Vulnerabilities can be evaluated in different ways, but one common approach is to measure them in terms of observability and exploitability:
• Observability is the ability of an adversary to see and identify a vulnerability. For example, a hole in a chain link perimeter fence will likely be highly observable by a potential adversary, whereas an inoperable video camera would not.
• Exploitability is the ability of the adversary to take advantage of the vulnerability once aware of it.