CS1STF: Security Fundamentals - Tutorial 1

Questions and Answers

What does the Vulnerability-Threat-Control framework primarily address?

• Ways to protect assets from potential harm (correct)
• Only identifying different threats
• How to eliminate all types of threats
• Classifying various system vulnerabilities

A threat is solely defined as a malicious act by an attacker.

False (B)

Name the three main components of the Vulnerability-Threat-Control framework.

Threats, Vulnerabilities, Controls

A threat can cause loss or harm by exploiting a __________.

vulnerability

Match the following components with their descriptions:

Threat = A potential circumstance causing harm Vulnerability = A weakness that can be exploited Control = Measures taken to mitigate risks Asset = An entity that needs protection

During the warm-up activity, what is the main focus?

Revisiting various threats (A)

It is mandatory to share your answers on the discussion board after completing the worksheet.

False (B)

What should students do if they need help during the worksheet activity?

Raise their hand to ask the tutor

The exercise involving classifying the threat helps students think about __________.

potential threats

Flashcards

Threat

A set of circumstances that could potentially cause harm or loss, often by exploiting vulnerabilities in a system.

Vulnerability

A weakness or flaw in a system that could be exploited by a threat.

Control

An action or measure taken to reduce or mitigate the impact of a threat.

Vulnerability-Threat-Control Framework

A framework that helps to understand and mitigate security risks. It focuses on the relationship between threats, vulnerabilities, and controls.

Security Thinking

The practice of actively analyzing and evaluating potential threats and vulnerabilities in a system.

Security Fundamentals

Identifying and understanding basic security concepts and principles.

Threat Execution

The act of putting a threat into action, aiming to exploit a vulnerability and cause harm.

Harm

The outcome or consequence of a successful threat execution, leading to damage or loss.

Proactive Security

The process of actively thinking about potential threats and vulnerabilities to safeguard assets. It involves proactive steps to minimize risk.

Study Notes

CS1STF: Security Thinking & Fundamentals - Tutorial 1/10

• Activities Outline:
  • Warm-up activity (15 minutes)
  • Individual worksheet (1 hour), including exam-style practice exercises
  • Review (20 minutes), model solutions available on Blackboard

Warm-up Activity

• Focus: Revisiting threats

Vulnerability-Threat-Control Framework

• A framework to understand protection methods
• Describes how assets are harmed and how to mitigate harm
• Shows the relationship between threats, vulnerabilities, the system, and controls

Threats in More Depth

• Threat: A set of circumstances with the potential to cause harm, often by exploiting vulnerabilities
  • Causes:
    • Natural (e.g., fire, power failure)
    • Human (e.g., malicious intent, human error, benign intent)
  • Types:
    • Benign intent
    • Malicious intent
    • Random
    • Directed (e.g., impersonation)
    • Examples: 'malicious code on a general web site', 'human error'

Tutorial Worksheet

• Step 1: Download worksheet from Blackboard
• Step 2: Complete exercises individually or in groups; ask for tutor assistance if needed
• Step 3 (optional): Post answers to discussion board on Blackboard (anonymously possible)
• Step 4: Review and rate classmate's answers, provide feedback

Optional: Input to Discussions

• Week 1/Exercise 2: Distinguish between threat, control, and vulnerability
• Week 1/Exercise 4: Provide an example where a confidentiality breach leads to a compromise in integrity
• Week 1/Exercise 6: Identify relevant assets, and associated threats.