Week 10 Flashcards
What is a threat in the context of cyber security?
A potential for loss, damage or destruction of assets or data caused by a cyber threat.
Threats can be adversarial, accidental, structural, or environmental.
Define vulnerability in cyber security.
A weakness in infrastructure, networks or applications that potentially exposes an organization to threats.
Vulnerabilities can lead to unauthorized access or data breaches.
What does likelihood refer to in risk assessment?
The probability that a risk scenario could occur.
How is risk defined?
The potential for an unwanted or adverse outcome resulting from an incident.
What is an asset in the context of cyber security?
Any valuable item, tangible or intangible.
What is the formula for calculating risk?
Risk = Threat x Vulnerability.
What does risk impact refer to?
The damage incurred by an event which causes loss of asset(s) or disruption of service(s).
What does negligence mean in cyber security?
Failing to implement necessary security measures and controls, leaving systems vulnerable, or ignoring known risks.
Define due care in the context of cyber security.
Taking reasonable steps to protect data by implementing security policies, procedures, and controls.
A complete investigation process to identify potential cybersecurity risks is referred to as:
Due diligence.
What are the three preferred approaches to risk assessment?
- Quantitatively
- Qualitatively
- Semi-quantitatively.
What is a threat-oriented analysis approach?
Identification of threat sources and threat events.
What does an asset/impact-oriented analysis focus on?
Identification of impacts or consequences of concern and critical assets.