Auto saved by Logseq
This commit is contained in:
Ryan
parent
bac9594185
commit
b17b63402f
|
|
@ -2261,7 +2261,20 @@
|
||||||
be exploited
|
be exploited
|
||||||
- Threats :-> anything that can cause harm to an information
|
- Threats :-> anything that can cause harm to an information
|
||||||
system – successful exploits of vulnerabilities
|
system – successful exploits of vulnerabilities
|
||||||
- Risks :->
|
- Relationship between a vulnerability and a threat
|
||||||
|
- An organization does not have sufficient controls
|
||||||
|
to prevent an employee from deleting critical
|
||||||
|
computer files **(lack of controls – vulnerability).**
|
||||||
|
An employee could delete files by mistake
|
||||||
|
**(employee – source of threat) (deleting critical
|
||||||
|
files – threat).** If the files are deleted, successful
|
||||||
|
exploit of the vulnerability has taken place. If the
|
||||||
|
file is not recoverable, the incident harms the
|
||||||
|
organizations and its security. Availability is
|
||||||
|
compromised.
|
||||||
|
- Risks :-> a likelihood that a threat will exploit a vulnerability
|
||||||
|
and cause harm, where the harm is the impact to
|
||||||
|
organization, **Risk = vulnerability + threat**
|
||||||
- Safeguards
|
- Safeguards
|
||||||
- Risk management
|
- Risk management
|
||||||
- LATER 概率论 (隔了一个周末)
|
- LATER 概率论 (隔了一个周末)
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue