Module Questions 10
1. What is the difference between a vulnerability, a threat, and a risk?
Answer :
To manage security effectively, a business must distinguish between these three terms. A Vulnerability is a specific weakness in an information system, security procedure, or internal control (e.g., an unpatched software bug). A Threat is any potential danger that could exploit that vulnerability (e.g., a hacker or a natural disaster). Risk is the intersection of the two; it is the mathematical likelihood that a threat will exploit a vulnerability and the resulting impact (financial or reputational) on the business.
2. Describe the four main strategies for treating risk (Accept, Avoid, Mitigate, Transfer). Provide a business example for each.
Answer :
Once a risk is identified, a business must decide how to handle it using one of these four strategies:
- Mitigate: Implementing controls to reduce the likelihood or impact (e.g., installing a firewall to reduce the risk of a hack).
- Transfer: Shifting the financial impact to a third party (e.g., purchasing Cyber Insurance).
- Avoid: Eliminating the risk entirely by stopping the activity (e.g., a business deciding not to store credit card data to avoid the risk of a breach).
- Accept: Acknowledging the risk but doing nothing because the cost of fixing it is higher than the potential loss (e.g., a small startup accepting the risk of a minor website glitch that only happens once a year).
3. Why is it useful for a business to adopt an established security framework like NIST CSF or ISO 27001?
Answer :
Adopting an established framework like NIST CSF or ISO 27001 is useful because it provides a proven, standardized “roadmap” for security. Instead of guessing what to protect, these frameworks offer a comprehensive list of best practices that ensure no area is overlooked. For a digital business, following these frameworks increases stakeholder trust, ensures regulatory compliance, and provides a common language for discussing security risks with investors, partners, and customers.
Status: 100% terpenuhi
Keterangan Sudah mengerjakan tugas dengan baik dan benar
