Vocab 6 Flashcards
A threat assessment that attempts to determine all possible vectors of attack and includes risk factors that may affect the ability of a threat actor to initiate or complete a threat event.
threat modeling
A governance and management framework developed by the IT Governance Institute; it has been absorbed as part of COBIT 5. It consists of three main domains: Value Governance (VG), Portfolio Management (PM), and Investment Management (IM).
Val IT
A weakness in a system or asset, such as a flaw in software code; it can also be considered to be a lack of protection for an asset, such as an unlocked server room door.
vulnerability
An assessment that attempts to discover all potential weaknesses for an asset. It is often designed for a third party to come into an organization, take stock of the assets that will be covered within the scope of the assessment, conduct scans and other tests against those assets, and provide a report of the vulnerabilities that have been found.
vulnerability assessment
A piece of software designed to scan a system to determine what services the system is running and whether any unnecessary open ports, operating systems and applications, or back doors can be exploited because of a lack of patching or other flaw.
vulnerability scanner
A detailed decomposition of the work to be performed during the project, including specific step-by-step tasks, as well as required resources.
work breakdown structure (WBS)