During a kickoff meeting for a penetration test, stakeholders ask you to clarify terminology that will appear in your final report. When describing "risk," which of the following definitions is most accurate from an information-security perspective?
Any circumstance or event with the potential to cause harm to an information asset.
A safeguard or countermeasure deployed to reduce the likelihood or impact of an attack.
A weakness in a system or process that can be exploited to violate security policy.
The probability that a specific threat will successfully exploit a particular vulnerability and cause business impact.
In information security, risk is typically expressed as the combination of the likelihood that a threat will exploit a vulnerability and the magnitude of the resulting impact on the business. A vulnerability, by contrast, is simply a weakness that could be exploited; a threat is the potential cause of harm; and a safeguard or countermeasure is a control implemented to lower either the likelihood of exploitation or the severity of impact. Consequently, the definition that explicitly includes both likelihood (probability) and potential business damage most accurately captures the concept of risk.
Certified Ethical Hacker (CEH)
Information Security and Ethical Hacking Overview