Lecture 2

Question 1

What is the relationship between risk and security controls?

Answer 1

The amount of risk drives reasons to invest in security controls

Question 2

In the practical sense, what are security controls?

Answer 2

Knowing vulnerabilities and mitigating them

Question 3

What is Vulnerability Management?

Answer 3

The Practice of:
1. Knowing known vulnerabilites in an environment
2. Mitigating them

Question 4

A vulnerability assessment is a set of… what?

Answer 4

A set of activities used to identify security weaknesses in the system

Question 5

What are the steps in the Vulnerability Management Life Cycle (4)?

Answer 5

• Collect Data
• Analyze Data
• Make Recommendations
• Implement Recommendations

Question 6

• Regulatory compliance
• Satisfying customer demands
• Response to some fraud/incident

Within the context of our course, what are these?

Answer 6

Business drivers for vulnerability management

Question 7

• Gaining a competitive edge
• Safeguarding/protecting critical infrastructures

Within the context of our course, what are these?

Answer 7

Business drivers for vulnerability management

Question 8

• Payment Card Industry Data Security Standard (PCI DSS)
• Canada’s Information Technology Security Guidance Publication 33 (ITSG-33)
• Health Insurance Portability and Accountability Act (HIPAA)

Your organization deals with these regulatory standards/frameworks, what must you also do?

Answer 8

Perform vulnerability assessments

Question 9

• Personal Health Information Protection Act (PHIPA)
• Personal Information Protection and Electronic Documents Act (PIPEDA)
• ISO 27001
• NIST

Your organization deals wit these regulatory standards/frameworks, what must you also do?

Answer 9

Perform vulnerability assessments