Week 5 - Cybersecurity Risk Management (Risk Assessment)

7 Terms

1

What are the two main factors used to determine cybersecurity risk in ISO/SAE 21434?

The impact rating of the damage scenario and the attack feasibility rating of the attack path that leads to it. The risk value is derived from these two ratings together.

2

What are the 4 impact categories and how are they rated in ISO/SAE 21434?

Categories (rated separately for each damage scenario):

  • safety

  • financial

  • operational

  • privacy

Rating levels (same four levels for every category):

  • Negligible

  • Moderate

  • Major

  • Severe

The S0 to S3 labels apply to the safety category (S0 Negligible, S1 Moderate, S2 Major, S3 Severe); the other categories use the same scale with their own letters (F, O, P). The overall impact rating of a damage scenario is normally the highest rating across the categories.

3

Why is "likelihood" problematic in cybersecurity risk assessment?

Because cyber threats involve adaptive human adversaries rather than random failures: there is no failure rate to measure, and an attacker's behaviour changes as defences and tools change, so probability estimates are unreliable.

4

What does "attack feasibility" represent in ISO/SAE 21434?

It substitutes for likelihood: it rates how easy a given attack path is to carry out, based on the attacker resources it requires rather than on a probability of occurrence.

5

What are the 3 main approaches to determine attack feasibility in ISO/SAE 21434 and how do they get rated?

1.      Attack potential based approach (scores the effort and resources an attacker needs)

2.      CVSS based approach (uses the CVSS exploitability metrics: attack vector, attack complexity, privileges required, user interaction)

3.      Attack vector based approach (uses only the attack vector: network, adjacent, local, physical)

Each approach gives a result that maps to one of the 4 attack feasibility levels (the less effort required, the higher the feasibility):

  1. high

  2. medium

  3. low

  4. very low

6

What are the five factors in the attack potential-based approach?

Elapsed time, specialist expertise, knowledge of the item or component, window of opportunity, equipment. Each factor is given a score; the scores are summed and the total is mapped to an attack feasibility level (a higher total means the attack needs more resources, so feasibility is lower).

7

How do you determine the risk value?

By combining the impact rating and the attack feasibility rating in a risk matrix: one axis is impact (Negligible to Severe), the other is attack feasibility (Very low to High), and each cell gives a risk value from 1 (lowest) to 5 (highest). It is a matrix lookup, not an arithmetic sum of the two ratings.
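The following is an added worked example of cards 5 to 7 and is not part of the study set or of ISO/SAE 21434 itself. It scores the five attack potential factors, maps the sum to an attack feasibility level, and then looks up the risk value in a risk matrix. The factor scores, the feasibility thresholds and the matrix cells are assumptions modelled on the standard's informative annex as recalled here; check them against your own copy of the standard before using them in a TARA.

```python
# Added example, not code from the study set or from ISO/SAE 21434.
# Scores, thresholds and matrix cells are ASSUMED (modelled on the
# informative annex of the standard) and must be verified against the
# standard's tables before real use.

# Attack potential factor scores: the more an attacker needs, the higher
# the score (assumed values).
ATTACK_POTENTIAL_SCORES = {
    "elapsed_time": {"<=1 week": 0, "<=1 month": 1, "<=6 months": 4, ">6 months": 10},
    "expertise": {"layman": 0, "proficient": 3, "expert": 6, "multiple experts": 8},
    "knowledge_of_item": {"public": 0, "restricted": 3, "confidential": 7,
                          "strictly confidential": 11},
    "window_of_opportunity": {"unlimited": 0, "easy": 1, "moderate": 4, "difficult": 10},
    "equipment": {"standard": 0, "specialized": 4, "bespoke": 7, "multiple bespoke": 9},
}

# Order used for the feasibility axis of the matrix (lowest to highest).
FEASIBILITY_ORDER = ["Very low", "Low", "Medium", "High"]

# Example risk matrix (assumed cells): rows are impact, columns follow
# FEASIBILITY_ORDER, cells are the risk value 1..5.
RISK_MATRIX = {
    "Severe":     [2, 3, 4, 5],
    "Major":      [1, 2, 3, 4],
    "Moderate":   [1, 2, 2, 3],
    "Negligible": [1, 1, 1, 1],
}


def attack_potential(**factors) -> int:
    """Sum the five factor scores. Every factor must be given exactly once."""
    expected = set(ATTACK_POTENTIAL_SCORES)
    given = set(factors)
    if given != expected:
        raise ValueError(f"factors must be exactly {sorted(expected)}, got {sorted(given)}")
    # An unknown level raises KeyError rather than silently scoring 0.
    return sum(ATTACK_POTENTIAL_SCORES[name][level] for name, level in factors.items())


def feasibility_from_potential(total: int) -> str:
    """Map an attack potential sum to a feasibility level (assumed thresholds).

    A low total means little effort is needed, so feasibility is High.
    """
    if total <= 13:
        return "High"
    if total <= 19:
        return "Medium"
    if total <= 24:
        return "Low"
    return "Very low"


def risk_value(impact: str, feasibility: str) -> int:
    """Risk value is a matrix lookup, not impact + feasibility."""
    return RISK_MATRIX[impact][FEASIBILITY_ORDER.index(feasibility)]


def assess(impact: str, **factors) -> dict:
    """Run the whole chain for one attack path against one damage scenario."""
    total = attack_potential(**factors)
    feasibility = feasibility_from_potential(total)
    return {
        "attack_potential": total,
        "feasibility": feasibility,
        "risk_value": risk_value(impact, feasibility),
    }


if __name__ == "__main__":
    # Constructed scenario: remote exploitation of a telematics unit using
    # only public information and off-the-shelf tooling, Severe safety impact.
    print(assess("Severe", elapsed_time="<=1 month", expertise="proficient",
                 knowledge_of_item="public", window_of_opportunity="unlimited",
                 equipment="standard"))
    # Constructed scenario: long physical attack on an ECU needing bespoke
    # hardware and confidential design data, Major impact.
    print(assess("Major", elapsed_time=">6 months", expertise="expert",
                 knowledge_of_item="confidential", window_of_opportunity="difficult",
                 equipment="bespoke"))
```

The two constructed scenarios illustrate why the matrix matters: the Severe-impact remote path scores 4 and lands at the top of the matrix, while the Major-impact physical path scores 40 and lands at risk value 1 despite its serious impact, because the attack is rated Very low feasibility.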