Auto saved by Logseq

2023-06-15 18:11:15 +08:00 · 2023-06-15 18:11:15 +08:00 · b17b63402f
parent bac9594185
commit b17b63402f
1 changed files with 14 additions and 1 deletions
--- a/pages/总复习2023t1.md
+++ b/pages/总复习2023t1.md
@ -2261,7 +2261,20 @@
 						  be exploited
 						- Threats :-> anything that can cause harm to an information
 						  system – successful exploits of vulnerabilities
-						- Risks :->
+							- Relationship between a vulnerability and a threat
+								- An organization does not have sufficient controls
+								  to prevent an employee from deleting critical
+								  computer files **(lack of controls – vulnerability).**
+								  An employee could delete files by mistake
+								  **(employee – source of threat) (deleting critical
+								  files – threat).** If the files are deleted, successful
+								  exploit of the vulnerability has taken place. If the
+								  file is not recoverable, the incident harms the
+								  organizations and its security. Availability is
+								  compromised.
+						- Risks :-> a likelihood that a threat will exploit a vulnerability
+						  and cause harm, where the harm is the impact to
+						  organization, **Risk = vulnerability + threat**
 						- Safeguards
 					- Risk management
 	- LATER 概率论 (隔了一个周末)