Threats
A potential danger that can compromise the confidentiality, integrity, or availability of an asset
Risk Types
Internal
External
Intellectual property theft
Software compliance
Legacy systems
Vulnerabilities
Default configuration
Lack of malware protection
Improper patch management
Lack of firewalls
Risk appetite
Amount of risk an org is willing to take on
Risk appetite types
Expansionary
Conservative
Neutral
The multiple risk management strategies
Avoidance
Mitigation
Acceptance
Transference (for example, cybersecurity insurance)
Risk assessment types
Quantitative
Qualitative
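Added example (not part of the original study set) showing the two assessment types side by side and how the result feeds the choice between the strategies listed above: the quantitative path computes SLE and ALE from asset value, exposure factor and ARO; the qualitative path rates likelihood and impact on a low/medium/high matrix. The asset, dollar figures and the dollar threshold used to stand in for risk appetite are all assumptions made for the illustration.

```python
"""Quantitative vs qualitative risk assessment, then picking a treatment strategy.
All assets, dollar figures and thresholds below are constructed for illustration."""
from dataclasses import dataclass

# Qualitative scale: ordinal ratings, multiplied into a simple risk matrix score.
LEVELS = {"low": 1, "medium": 2, "high": 3}


@dataclass
class Asset:
    name: str
    value: float            # asset value (AV), dollars
    exposure_factor: float  # fraction of AV lost in one incident (EF), 0..1
    aro: float              # annualized rate of occurrence (incidents per year)


def single_loss_expectancy(asset: Asset) -> float:
    """Quantitative: SLE = AV * EF, the loss expected from one occurrence."""
    return asset.value * asset.exposure_factor


def annualized_loss_expectancy(asset: Asset) -> float:
    """Quantitative: ALE = SLE * ARO, the loss expected per year."""
    return single_loss_expectancy(asset) * asset.aro


def qualitative_rating(likelihood: str, impact: str) -> str:
    """Qualitative: map likelihood x impact onto a low/medium/high matrix."""
    score = LEVELS[likelihood] * LEVELS[impact]
    if score >= 6:
        return "high"
    if score >= 3:
        return "medium"
    return "low"


def choose_strategy(ale: float, appetite: float, control_cost: float,
                    residual_ale: float, premium: float) -> str:
    """Pick a treatment. `appetite` is the annual loss the org will tolerate
    (an assumed dollar expression of risk appetite, not a standard definition).

    - acceptance: the expected loss is already within appetite
    - mitigation: the control costs less than the loss it removes and brings
      the residual risk within appetite
    - transference: insurance is cheaper than carrying the expected loss
    - avoidance: nothing above works, so stop the risky activity
    """
    if ale <= appetite:
        return "acceptance"
    if control_cost < ale - residual_ale and residual_ale <= appetite:
        return "mitigation"
    if premium < ale:
        return "transference"
    return "avoidance"


def assess(asset: Asset, appetite: float, control_cost: float,
           residual_ale: float, premium: float) -> dict:
    """Bundle the numbers a risk report would carry for one asset."""
    ale = annualized_loss_expectancy(asset)
    return {
        "asset": asset.name,
        "sle": single_loss_expectancy(asset),
        "ale": ale,
        "strategy": choose_strategy(ale, appetite, control_cost, residual_ale, premium),
    }


if __name__ == "__main__":
    # Constructed asset: $500k database, 40% lost per breach, one breach every two years.
    db = Asset("customer database", value=500_000, exposure_factor=0.4, aro=0.5)
    print(assess(db, appetite=25_000, control_cost=30_000,
                 residual_ale=20_000, premium=60_000))
    print(qualitative_rating("high", "medium"))
```

The same ALE yields a different strategy as the inputs move: a higher appetite turns mitigation into acceptance, an overpriced control pushes the decision toward transference, and when insurance is also dearer than the expected loss the only option left is avoidance.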
Risk reporting
Final phase of risk assessment
Supply chain risk
Can be reduced, not eliminated, by using multiple vendors so that no single supplier is a single point of failure
Vulnerability assessment
Assess the security posture of systems and networks
Steps in vulnerability assessments
Identify assets and capabilities
Prioritize assets based on value
Identify vulnerabilities and recommend controls to mitigate them
Network scanners
ARP ping scan (host discovery on the local subnet)
SYN stealth scan (half-open TCP scan that never completes the handshake)
Port scan
Service scan (identifies the service and version behind an open port)
OS detection
What do vulnerability scans include?
Identifies vulnerabilities, misconfigurations,
and missing security controls
Vulnerability scan output
Report with info such as the list of hosts discovered and scanned,
the list of open ports and vulnerabilities found on each host,
and recommended resolutions for the discovered vulnerabilities
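Added example (not part of the original study set) that works through the vulnerability assessment steps above against a scan report of the shape just described: asset inventory, asset value ranking, then findings prioritized by severity weighted with asset value and paired with a recommended control for each vulnerability class on this page. The scan report, host addresses, asset names, CVSS scores and value ratings are all constructed, not real scanner output.

```python
"""Worked vulnerability assessment: identify assets, rank them by value, then
prioritize scan findings and attach a recommended control. The scan report,
asset inventory and CVSS scores are constructed for illustration, not real output."""

# Constructed scan output in the shape the page describes: hosts discovered,
# open ports, and vulnerabilities found on each host.
SCAN_REPORT = {
    "hosts": [
        {"ip": "10.0.0.5", "asset": "payroll-db", "open_ports": [22, 5432],
         "findings": [
             {"id": "F-1", "title": "Database accepts default credentials",
              "cvss": 9.8, "kind": "default-config"},
             {"id": "F-2", "title": "SSH daemon missing vendor patches",
              "cvss": 7.5, "kind": "patch"},
         ]},
        {"ip": "10.0.0.9", "asset": "lobby-kiosk", "open_ports": [80, 445],
         "findings": [
             {"id": "F-3", "title": "SMB reachable, no host firewall",
              "cvss": 8.1, "kind": "firewall"},
             {"id": "F-4", "title": "No endpoint malware protection",
              "cvss": 5.0, "kind": "malware-protection"},
         ]},
    ]
}

# Steps 1-2: asset inventory with a business-value rating (1 = low, 5 = critical).
ASSET_VALUE = {"payroll-db": 5, "lobby-kiosk": 2}

# Step 3: recommended controls keyed by the vulnerability classes on the page.
RECOMMENDATIONS = {
    "default-config": "Replace default credentials and apply a hardening baseline",
    "patch": "Apply vendor patches through the patch-management process",
    "firewall": "Enable the host firewall and restrict the exposed service",
    "malware-protection": "Deploy endpoint malware protection",
}


def summarize(report: dict) -> dict:
    """Totals that the scan output reports: hosts, open ports, vulnerabilities."""
    hosts = report["hosts"]
    return {
        "hosts": len(hosts),
        "open_ports": sum(len(h["open_ports"]) for h in hosts),
        "vulnerabilities": sum(len(h["findings"]) for h in hosts),
    }


def prioritize(report: dict, asset_value: dict) -> list:
    """Rank findings by severity weighted by the value of the asset they sit on.

    A finding on an asset missing from the inventory gets value 1 so it is
    still listed rather than silently dropped; an unknown finding kind gets a
    manual-review note instead of a canned recommendation.
    """
    rows = []
    for host in report["hosts"]:
        value = asset_value.get(host["asset"], 1)
        for f in host["findings"]:
            rows.append({
                "id": f["id"],
                "host": host["ip"],
                "asset": host["asset"],
                "risk": round(f["cvss"] * value, 1),
                "recommendation": RECOMMENDATIONS.get(f["kind"], "Review manually"),
            })
    rows.sort(key=lambda r: r["risk"], reverse=True)
    return rows


if __name__ == "__main__":
    print(summarize(SCAN_REPORT))
    for row in prioritize(SCAN_REPORT, ASSET_VALUE):
        print(f'{row["id"]:4} {row["risk"]:5} {row["asset"]:12} {row["recommendation"]}')
```

Weighting by asset value is what changes the order: on raw CVSS the kiosk's exposed SMB (8.1) would outrank the payroll server's unpatched SSH (7.5), but once asset value is applied every finding on the payroll database sorts ahead of the kiosk.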
Footprinting
Provides the big picture of the target network (domains, IP ranges, hosts)
Fingerprinting
Identifies an individual system and its details (OS, services, versions)
What is cleanup?
The last step of a pen test: remove all traces of the engagement, such as
user accounts created
scripts that were added
files, logs, and temp files created
and reconfigure all settings that were modified
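Added example (not part of the original study set) of how a tester keeps cleanup complete: every artifact from the list above is written to a manifest as it is created, and the cleanup step undoes the manifest in reverse. Files and scripts are removed, modified settings are restored from the saved original, and created accounts are handed back as pending commands because account removal needs privileged OS tooling. The paths, file contents, the `pt-svc` account name and the Linux `userdel` reminder are all assumptions for the illustration.

```python
"""Cleanup tracking for a pen test: every artifact the engagement creates or
changes is logged to a manifest as it happens, so the final cleanup step can
undo all of it instead of relying on memory. Paths, file contents and the
account name are constructed; the `userdel` reminder assumes a Linux target."""
import json
import os
import shutil
import tempfile


class EngagementTracker:
    """Append-only manifest of artifacts created during the engagement."""

    def __init__(self, manifest_path: str):
        self.manifest_path = manifest_path
        self.entries = []

    def _record(self, entry: dict) -> None:
        self.entries.append(entry)
        with open(self.manifest_path, "w") as fh:   # persist after every change
            json.dump(self.entries, fh)

    def create_file(self, path: str, content: str) -> None:
        """Drop a script or temp file and remember that we created it."""
        with open(path, "w") as fh:
            fh.write(content)
        self._record({"type": "file", "path": path})

    def modify_config(self, path: str, new_content: str) -> None:
        """Change a setting, keeping the original content so it can be restored."""
        with open(path) as fh:
            original = fh.read()
        with open(path, "w") as fh:
            fh.write(new_content)
        self._record({"type": "config", "path": path, "original": original})

    def record_account(self, username: str) -> None:
        """Accounts are created with OS tooling; just log them for removal."""
        self._record({"type": "account", "username": username})


def cleanup(manifest_path: str) -> list:
    """Undo every manifest entry in reverse order and return what was done."""
    with open(manifest_path) as fh:
        entries = json.load(fh)
    actions = []
    for entry in reversed(entries):
        if entry["type"] == "file":
            if os.path.exists(entry["path"]):
                os.remove(entry["path"])
                actions.append(("removed", entry["path"]))
        elif entry["type"] == "config":
            with open(entry["path"], "w") as fh:
                fh.write(entry["original"])
            actions.append(("restored", entry["path"]))
        elif entry["type"] == "account":
            # Account removal needs privileged OS tooling, so hand it back to
            # the operator as a pending command rather than running it here.
            actions.append(("pending", f"userdel {entry['username']}"))
    os.remove(manifest_path)   # the manifest itself is an artifact too
    return actions


def demo() -> dict:
    """Run a small constructed engagement in a temp dir and report the end state."""
    workdir = tempfile.mkdtemp(prefix="pt-")
    config = os.path.join(workdir, "sshd_config")
    with open(config, "w") as fh:
        fh.write("PermitRootLogin no\n")          # constructed 'original' setting
    tracker = EngagementTracker(os.path.join(workdir, "manifest.json"))
    tracker.modify_config(config, "PermitRootLogin yes\n")
    script = os.path.join(workdir, "persist.sh")
    tracker.create_file(script, "#!/bin/sh\necho beacon\n")
    tracker.record_account("pt-svc")
    actions = cleanup(tracker.manifest_path)
    with open(config) as fh:
        restored = fh.read()
    result = {
        "actions": [a[0] for a in actions],
        "pending": [a[1] for a in actions if a[0] == "pending"],
        "script_exists": os.path.exists(script),
        "manifest_exists": os.path.exists(tracker.manifest_path),
        "config": restored,
    }
    shutil.rmtree(workdir)
    return result


if __name__ == "__main__":
    print(demo())
```

Undoing in reverse order matters when one change depends on another (a script that only runs because a setting was changed first); persisting the manifest after every entry means a dropped session still leaves a complete list to clean up from.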