vulnerability and risk Flashcards
1
Q
Risk management
A
can be defined as the identification, assessment, and prioritization of risks, and the mitigating and monitoring of those risks. Specifically, when talking about computer hardware and software, risk management is also known as information assurance (IA). The two common models of IA include the well-known CIA triad (which we covered in Chapter 1, “Introduction to Security”), and the DoD “Five Pillars of IA,” which comprise the concepts of the CIA triad (confidentiality, integrity, and availability) but also include authentication and nonrepudiation.