Blog

Weaknesses or gaps in the protection of assets that can be exploited by Threats in order to compromise the asset.

Which is the risk analysis method that applies a subjective assessment of risk occurrence likelihood (probability) against the potential severity of the risk outcomes (impact) to determine the overall severity of a risk?

Auditing is the process to determine if a user’s credentials are authorized to access a network resource.

Which of these is the process to determine if the credentials given by a user or another system are authorized to access the network resource in question?

Someone who gains access to a system and causes harm is a _____

Your company is instituting a new security awareness program. You are responsible for educating end users on a variety of threats, including social engineering. Which of the following best defines social engineering?

What is the name of the assessment that you must perform before you create your BCP (business continuity plan)?

The principle that users have access to only network resources when an administrator explicitly grants them is called ___________.

What are the different control types?

An action, potential action, or inaction, likely to cause damage, harm or loss.  These can be external or internal, and intentional or unintentional.