Tuesday, September 2, 2014

Chapter 2: IS Governance and Risk Management - Security Definitions

I feel as if the best way for me to summarize this section of chapter two is to basically define all of the terms. This will be helpful if I ever decide to actually take the CISSP exam, as these security terms will be here for me to view.

1.) Vulnerability - No measure is in place to counter potential attacks, or only an inferior countermeasure is in place.
2.) Threat - Danger that is associated with a vulnerability.
3.) Threat Agent - An entity that takes advantage of a vulnerability.
4.) Risk - The probability of a threat agent exploiting a vulnerability and the associated impact.
5.) Control - Something that is put in place to reduce a risk. Also known as a countermeasure.
6.) Exposure - When a vulnerability is present that might expose an organization to one or more threats.

Figure 2-1 in the text gives a great graphical representation of how all of the above terms are connected and how they relate to one another.

