Cybersecurity Design Principles (CYB 0103) - Lecture #8 Quiz

Questions and Answers

PDF Questions PDF Answers

What is the main purpose of asset identification in an organization?

To identify anything of value to the organization that needs to be protected (correct)

To specify the consequence should a threat occur

To identify potential threats to the organization's assets

To determine the likelihood of occurrence of identified threats

What is the key factor in determining the risk to an asset, according to the text?

The combination of threat and vulnerability (correct)

The presence of natural disasters

The cost to the organization

The likelihood of occurrence of identified threats

What does vulnerability identification aim to identify?

The consequence of identified threats

The likelihood of occurrence of each identified threat

Exploitable flaws or weaknesses in the organization's IT systems or processes (correct)

Potential threats to the organization

In the context of risk analysis, what is the formula for calculating risk?

Risk = likelihood of occurrence x cost to organization

What is the main focus of threat identification in an organization?

To identify threats or risks to assets

What is the purpose of determining the likelihood rating in risk analysis?

To specify the likelihood of occurrence of each identified threat

What is the primary focus of vulnerability identification?

To identify exploitable flaws or weaknesses in the organization’s IT systems or processes

"Assets may have multiple threats" implies that:

"Threats from multiple sources" may affect a single asset

What is the purpose of IT security management?

To achieve and maintain appropriate levels of confidentiality, integrity, availability, accountability, authenticity, and reliability

What is a vulnerability in the context of IT security?

A weakness in an asset or group of assets which can be exploited by a threat

What does the term 'asset' refer to in the context of IT security?

Anything that has value to the organization

What is the main function of an IT security officer in large organizations?

To provide consistent overall supervision and manage security processes within their areas

What is the critical component of the security management process?

Security Risk Assessment

What is the purpose of identifying and analyzing security threats to IT assets?

Selecting and implementing appropriate safeguards

How does an organization protect against errors and risks?

By using periodic security reviews and reflecting changing technical/risk environments

What does the term 'risk' represent in the context of IT security?

The potential that a given threat will exploit vulnerabilities of an asset or group of assets to cause loss or damage

What is the main purpose of a security awareness program in IT security management?

To educate employees about security policies and procedures