Assignment-Week13-BD308CyberSecurity-SultanChairul-2581484737

Name : Sultan Chairul

Student ID (NIM) : 2582484737

1. What is the difference between a vulnerability, a threat, and a risk?

Answer :
A vulnerability is a weakness or flaw in a system, application, process, or security control that could be exploited. A threat is any potential source of harm, such as hackers, malware, insider threats, or natural disasters, that can take advantage of a vulnerability. A risk is the likelihood and potential impact of a threat successfully exploiting a vulnerability and causing damage to the organization. In simple terms, a vulnerability is the weakness, a threat is the danger, and risk is the possible consequence.

2. Describe the four main strategies for treating risk (Accept, Avoid, Mitigate, Transfer). Provide a business example for each.

Answer :

  1. Accept – The organization decides to accept the risk because the potential impact is low or the cost of addressing it is higher than the potential loss.
    Example: A small business accepts the risk of a short internet outage because it rarely occurs and has minimal impact on operations.
  2. Avoid – The organization eliminates the activity that creates the risk.
    Example: A company stops collecting customer payment card information to avoid the risk of handling sensitive financial data.
  3. Mitigate – The organization reduces the likelihood or impact of the risk by implementing security controls.
    Example: A business installs firewalls, antivirus software, and Multi-Factor Authentication (MFA) to reduce the risk of cyberattacks.
  4. Transfer – The organization shifts the financial impact of the risk to another party.
    Example: A company purchases cyber insurance to cover costs associated with data breaches or ransomware incidents.

3. Why is it useful for a business to adopt an established security framework like NIST CSF or ISO 27001?

Answer :
It is useful because established security frameworks provide a structured and proven approach to managing cybersecurity risks. Frameworks such as the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) and ISO 27001 from the International Organization for Standardization help organizations identify, protect, detect, respond to, and recover from security threats. They also support regulatory compliance, improve security practices, increase customer trust, and help create a consistent security strategy across the organization.

Note : 100%

Evidence : The assignment has been completed properly and correctly.
