Amelia Nurul Mupty – BD308 – Cyber Security – Module Question 13

  1. What is the difference between a vulnerability, a threat, and a risk?
  2. Describe the four main strategies for treating risk (Accept, Avoid, Mitigate, Transfer). Provide a business example for each.
  3. Why is it useful for a business to adopt an established security framework like NIST CSF or ISO 27001?

The Answer

1. What is the difference between a vulnerability, a threat, and a risk?

A vulnerability is a weakness in a system, a threat is something that can exploit that weakness, and a risk is the possibility that the threat will cause damage.

2. Describe the four main strategies for treating risk.

The four risk treatment strategies are Accept (accept the risk), Avoid (eliminate the risky activity), Mitigate (reduce the risk with security controls), and Transfer (shift the risk to another party, such as through cyber insurance).

3. Why is it useful for a business to adopt an established security framework like NIST CSF or ISO 27001?

Using frameworks like the National Institute of Standards and Technology (NIST) CSF or International Organization for Standardization (ISO) 27001 helps businesses manage cybersecurity risks, improve security, meet compliance requirements, and build customer trust.

