Cybersecurity Design Principles (CYB 0103) - Lecture #8 Quiz

Questions and Answers

What is the main purpose of asset identification in an organization?

• To identify anything of value to the organization that needs to be protected (correct)
• To specify the consequence should a threat occur
• To identify potential threats to the organization's assets
• To determine the likelihood of occurrence of identified threats

What is the key factor in determining the risk to an asset, according to the text?

• The combination of threat and vulnerability (correct)
• The presence of natural disasters
• The cost to the organization
• The likelihood of occurrence of identified threats

What does vulnerability identification aim to identify?

• The consequence of identified threats
• The likelihood of occurrence of each identified threat
• Exploitable flaws or weaknesses in the organization's IT systems or processes (correct)
• Potential threats to the organization

In the context of risk analysis, what is the formula for calculating risk?

Risk = likelihood of occurrence x cost to organization (C)

What is the main focus of threat identification in an organization?

To identify threats or risks to assets (C)

What is the purpose of determining the likelihood rating in risk analysis?

To specify the likelihood of occurrence of each identified threat (A)

What is the primary focus of vulnerability identification?

To identify exploitable flaws or weaknesses in the organization’s IT systems or processes (B)

"Assets may have multiple threats" implies that:

"Threats from multiple sources" may affect a single asset (B)

What is the purpose of IT security management?

To achieve and maintain appropriate levels of confidentiality, integrity, availability, accountability, authenticity, and reliability (A)

What is a vulnerability in the context of IT security?

A weakness in an asset or group of assets which can be exploited by a threat (C)

What does the term 'asset' refer to in the context of IT security?

Anything that has value to the organization (B)

What is the main function of an IT security officer in large organizations?

To provide consistent overall supervision and manage security processes within their areas (D)

What is the critical component of the security management process?

Security Risk Assessment (A)

What is the purpose of identifying and analyzing security threats to IT assets?

Selecting and implementing appropriate safeguards (D)

How does an organization protect against errors and risks?

By using periodic security reviews and reflecting changing technical/risk environments (D)

What does the term 'risk' represent in the context of IT security?

The potential that a given threat will exploit vulnerabilities of an asset or group of assets to cause loss or damage (B)

What is the main purpose of a security awareness program in IT security management?

To educate employees about security policies and procedures (A)