Week 2B - Vulnerabilities

Question 1

Vulnerabilities

Answer 1

Characteristics of, or weaknesses in a system that could be used to cause harm if acted on by a threat

Question 2

What are the 3 main sources of vulnerabilities? (PPP)

Answer 2

1. Property
2. People
3. Procedures

Question 3

What are the 4 types of property?

Answer 3

Physical Assets
Hardware
Software
Data

Question 4

Property - What considerations need to be made for Physical Assets?

Answer 4

Location of Information Assets
Physical Security Mechanisms
Maintenance
Monitoring and Logging

Question 5

Property - What considerations need to be made for Hardware?

Answer 5

Reliability & Robustness: asset and supporting infrastructure
Redundancy

Question 6

Property - What considerations need to be made for Software?

Answer 6

Source of Software: authorized, legitimate and supported
Downloading & Installing Processes
Design, Creation & Testing of Software
Need for Patches & Upgrades
Configuration/Misconfiguration

Question 7

People - What considerations need to be made for Employees

Answer 7

Recruitment of Suitable staff
Monitoring of Access
Training for awareness and organisational processes

Question 8

Processes - What considerations need to be made for Processes Used?

Answer 8

Access Control
Privilege Management
Backup of Files & Systems
Business Continuity Plans
Communication Processes
Staff Induction & Termination Processes