Question

Subject: Security Policy & Procedures

In the context of NIST SP 800-30, define threat and define vulnerability. Give one example of an IT threat and an IT vulnerability.

Homework Answers

Answer #1

Answer: According to NIST SP 800-30, a threat can be defined as any circumstance or event with the potential to adversely impact organizational operations and assets, individuals, other organizations, or the Nation through an information system via unauthorized access, disclosure, destruction, or modification of information, and/or denial of service.

Whereas a vulnerability is a weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source.

A prominent example of an IT threat can be a provisioning server which is taken offline by a denial-of-service attack, a deliberate act by a malicious system administrator, an administrative error, a hardware fault, or a power failure.

Examples of vulnerability can include:

  • Download of code without integrity checks
  • Use of broken algorithms
  • Weak passwords
  • Software that is already infected with a virus