1.Learning Aim C2

Question 1

What is a risk in the context of cybersecurity?

Answer 1

A threat that could result in some form of loss at some point in time.

Question 2

Why is it important to assess risks to a system or network?

Answer 2

To put appropriate methods in place to prevent or mitigate these risks.

Question 3

What are the measures for risk severity?

Answer 3

Low, Medium, High, Extreme.

Question 4

What factors affect the probability of a threat occurring?

Answer 4

• How easy it is to perform
• How big is the potential reward
• How likely it is to be caught
• How well known or easy to discover is the vulnerability being exploited

Question 5

What are the three key values for quantifying the probability of threats?

Answer 5

• Unlikely
• Likely
• Very Likely

Question 6

How is the impact level of a threat determined?

Answer 6

Based on data loss, restoration time, potential data theft, and financial/reputational harm.

Question 7

What are the three key values for quantifying the impact level of threats?

Answer 7

• Minor
• Moderate
• Major

Question 8

What is the formula for calculating risk severity?

Answer 8

Risk severity = probability of the threat occurring × expected impact level/value of the loss.

Question 9

What does a risk severity matrix help to determine?

Answer 9

The risk severity of each individual threat and quantifies their importance/priority.

Question 10

What are the consequences of a threat classified as extreme?

Answer 10

It will require the organization to spend potentially very large sums to ensure the threat will not occur.

Question 11

Is a risk assessment a one-time task?

Answer 11

False. Risk assessments are ongoing and need to be performed regularly.

Question 12

What is the first step in a risk assessment method?

Answer 12

Identify Possible Threats.

Question 13

What is the purpose of documenting a risk assessment?

Answer 13

To refer to it later when producing a security plan and to justify expenditure on preventative measures.

Question 14

What are the standard headings in a risk assessment document?

Answer 14

• Threat Number
• Threat Title
• Probability
• Impact Level
• Risk Severity
• Explanation of the Threat in Context

Question 15

Fill in the blank: The likelihood of a threat occurring can be classified as _______.

Answer 15

Unlikely, Likely, Very Likely.

Question 16

What is the importance of having a standardized approach in risk assessments?

Answer 16

To ensure consistency in the assessments.

Question 17

What should be included in the explanation of the threat in context?

Answer 17

A detailed explanation of the threat linked to the business context.