CISSP Official Study Guide, Eighth Edition
Mike Chapple, James Michael Stewart, Darril Gibson (Sybex, 2018)

Vulnerability
The weakness in an asset or the absence or the weakness of a safeguard or countermeasure is a vulnerability. In other words, a vulnerability is a flaw, loophole, oversight, error, limitation, frailty, or susceptibility in the IT infrastructure or any other aspect of an organization. If a vulnerability is exploited, loss or damage to assets can occur.
Exposure
Exposure is being susceptible to asset loss because of a threat; there is the possibility that a vulnerability can or will be exploited by a threat agent or event. Exposure doesn’t mean that a realized threat (an event that results in loss) is actually occurring (the exposure to a realized threat is called experienced exposure). It just means that if there is a vulnerability and a threat that can exploit it, there is the possibility that a threat event, or potential exposure, can occur. Another way of thinking about exposure is to answer the question “What is the worst that could happen?” You are not stating that harm has occurred or that it will actually occur, only that there is the potential for harm and how extensive or serious that harm might be. The quantitative risk analysis value of exposure factor (EF) is derived from this concept.
Risk
Risk is the possibility or likelihood that a threat will exploit a vulnerability to cause harm to an asset. It is an assessment of probability, possibility, or chance. The more likely it is that a threat event will occur, the greater the risk. Every instance of exposure is a risk. When written as a formula, risk can be defined as follows:
risk = threat * vulnerability
Thus, reducing either the threat agent or the vulnerability directly results in a reduction in risk.
When a risk is realized, a threat agent, a threat actor, or a threat event has taken advantage of a vulnerability and caused harm to or disclosure of one or more assets. The whole purpose of security is to prevent risks from becoming realized by removing vulnerabilities and blocking threat agents and threat events from jeopardizing assets. As a risk management tool, security is the implementation of safeguards.

Chapter 2: Personnel Security and Risk Management Concepts