Which of the following are sub-categories of threat?
Each correct answer represents a complete solution. Choose three.
A.
Natural and supernatural
B.
Computer and user
C.
Natural and man-made
D.
Intentional and accidental
E.
External and internal
Explanation:
A threat is any event which have the potential to cause a loss. In other word, it is any activity that
represents a possible danger. The loss or danger is directlyrelated to one of the following:
Loss of confidentiality- Someone sees a password or a company’s secret formula, this is referred
to as loss of confidentiality. Loss of integrity- An e-mail message is modified in transit, a virusinfects a file, or someone makes unauthorized changes to a Web site is referred to as loss of
integrity.
Loss of availability- An e-mail server is down and no one has e-mail access, or a file server is
down so data files aren’t available comes under loss of availability.
Threat identification is the process of creating a list of threats. This list attempts to identify all the
possible threats to an organization. The list can be extensive.
Threats are often sub-categorized as under:
External or internal- External threats are outside the boundary of the organization. They can also
be thought of as risks that are outside the control of the organization. While internal threats are
within the boundary of the organization. They could be related to employees or other personnel
who have access to company resources. Internal threats can be related to any hardware or
software controlled by the business.
Natural or man-made- Natural threats are often related to weather such as hurricanes, tornadoes,
and ice storms. Natural disasters like earthquakes and tsunamis are also natural threats. A human
or man-made threat is any threat which is caused by a person. Any attempt to harm resources is a
man-made threat. Fire could be man-made or natural depending on how the fire is started.
Intentional or accidental- An attempt to compromise confidentiality, integrity, or availability is
intentional. While employee mistakes or user errors are accidental threats. A faulty application that
corrupts data could also be considered accidental.