The probability that a specific vulnerability within an organization will be successfully attacked

- The probability that a specific vulnerability within an organization will be successfully attacked
- The risk that remains to an information asset even after an existing control has been applied
- A means to target a specific vulnerability
- Threat agent
- Standard
- Hacker
- Trojan horse
- Likelihood
- Residual risk
- Exploit
- The process used to identify and then control risks to an organization’s information assets
- A segment of code that performs malicious actions

Question 4 (1 / 1 pts)
A(n) ____ is an object, person, or other entity that is a potential risk of loss to an asset.
- threat
- intellectual property
- Trojan horse
- payload

Question 5 (1 / 1 pts)
A(n) ____ is an investigation and assessment of the impact that various attacks can have on the organization.
- business impact analysis (BIA)
- Risk management
- Virus
- business continuity analysis (BCA)
- incident response analysis (IRA)
- threat analysis

Question 6 (1 / 1 pts)
A ____ attack seeks to deny legitimate users access to services by either tying up a server’s available resources or causing it to shut down.
- DoS
- spyware
- Trojan horse
- social engineering

Question 7 (1 / 1 pts)
Information assets have ____ when authorized users - persons or computer systems - are able to access them in the specified format without interference or obstruction.
- risk assessment
- integrity
- availability
- confidentiality

Question 8 (1 / 1 pts)
A(n) ____________________ is defined as a “flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or violation of the system’s security policy.”

Question 9 (1 / 1 pts)
A ____ is a document that describes how, in the event of a disaster, critical business functions continue at an alternate location while the organization recovers its ability to function at the primary site.
- business continuity plan
- incident response plan
- vulnerability
- risk assessment plan
- disaster recovery plan

Question 10 (1 / 1 pts)
For the purpose of making relative risk assessments, we can say that ____________________ equals the likelihood of a vulnerability occurring times the value (or impact) of that asset to the organization minus the percentage of risk that is already being controlled plus an element of uncertainty.


What is the probability that a specific vulnerability will be attacked?

Likelihood is the overall rating of the probability that a specific vulnerability will be exploited or attacked. Some threats can manifest in multiple ways, yielding multiple vulnerabilities for an asset-threat pair.

What is likelihood of a vulnerability?

Definition(s): Chance of something happening. A weighted factor based on a subjective analysis of the probability that a given threat is capable of exploiting a given vulnerability or a set of vulnerabilities.

What is the assessment of the amount of risk an organization is willing to accept for a particular information asset?

The recognition, enumeration and documentation of risks to an organization's information assets is known as risk control. An evaluation of the threats to information assets, including a determination of their potential to endanger the organization, is known as exploit assessment.

How do you identify the risk of the vulnerability?

Use available and approved tools and techniques to identify the vulnerabilities and attempt to exploit them. Penetration testing is one common method.

Vulnerability assessment reporting: summarize your findings, including name and description of vulnerability, score, potential impact, and recommended mitigation.