Week 1B - Threats, Vulnerabilities, Incidents & Attacks

Question 1

Threat

Answer 1

A set of circumstances with the potential to cause harm assets by compromising security goals

Question 2

Vulnerabilities

Answer 2

Characteristics of, or weaknesses in a system that could be used to cause harm if acted on by a threat

Question 3

What is a security incident?

Answer 3

When a threat and vulnerability coincide, resulting in harm to the information asset

Question 4

What is an attack?

Answer 4

An attack is a security incident where vulnerabilities are deliberately/intentionally exploited

Question 4

What are the 3 Information States?

Answer 4

• In Storage
• In Transmission
• Being Processed (In Use)

Question 5

What is a control?

Answer 5

Used to protect information assets or business goals by countering threats or reducing vulnerabilities

Question 6

What are the 3 types of security controls?

Answer 6

Preventative, Detective, Corrective

Question 7

Preventative Controls

Answer 7

Aim to prevent or reduce the likelihood of an incident occuring

Question 8

Detective Controls

Answer 8

Monitoring to identify attempts or successful exploited vulnerabilities

Question 9

Corrective Controls

Answer 9

Aim to recover from harm to information assets and or business goals