What is risk?
A function of the likelihood and impact of a security incident or data breach
What is the cyber risk equation?
Risk = (threats x vulnerabilities x asset value) / controls
What are the components of the risk equation?
Risk, Threats, Vulnerabilities, Asset Value, Controls
What is the Lockheed Martin Kill Chain?
Reconnaissance - research, identification and selection of targets
Weaponisation - pairing malware with an exploit into a payload
Delivery - transmission of weapon to target
Exploitation - weapon is triggered
Installation - installs backdoor
Command & Control - linking weapon to outside network
Actions on Objective - exfiltrate data, ransom encryption, etc.
What is the risk management process?
Frame the risk, assess the risk, respond to the risk, monitor the risk, rinse and repeat