Risk Analysis & Ethics

Question 1

Risk Analysis

Answer 1

Focuses on the identification and understanding of risks

1. Identify future events
2. Identify the causes of the future events
3. Understand and evaluate the consequences

Question 2

Risk Evaluation

Answer 2

The process of assessing the severity and likelihood of a risk, determining how harmful it could be and how probable it is to occur.

(about figuring out how bad a risk could be and how likely it is to happen.)

Question 3

Risk Assessment

Answer 3

Risk Analysis + Risk Evaluation

Question 4

Parts of security management

Answer 4

Security Risk Assessment
(Threats / likelihood
Vulnerabilities / exploits
Assets / impact
Countermeasures)

Risk Mitigation
(Safeguard implement
Additional controls)

Operational Security
(Patches
Incident handling training)

Test & review
(Scanning
Audit controls)

Question 5

What is Meta-ethics

Answer 5

What is goodness?

How to tell bad from evil?

Question 6

Normative ethics

Answer 6

What should I do?

Virtue ethics
Deontology ethics
Consequentialism

Question 7

Applied ethics

Answer 7

What should I do in this specific case?

Bioethics
Technology
Security & privacy

Question 8

Explain the different disclosures

Answer 8

Full disclosure - posting it for all to see
Non-disclosure - don’t do anything
Coordinated disclosure - CVD policy on the receiving end

Question 9

Informational self-determination

Answer 9

”The claim of individuals, groups and institutions to DETERMINE THEMSELVES, WHEN, HOW and TO WHAT EXTENT information about them is communicate to others”