According to the NIST generic risk model, which of the following is not a threat source? (Wentz QOTD)
A. Spammers
B. Phishing
C. Terrorists
D. Bot-Network Operators
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is B. Phishing.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security, a supplement to the official study guides for the CISSP and CISM exams, and an informative reference for security professionals.
The NIST generic risk model describes how a threat source initiates threat events (e.g., TTPs: tactics, techniques, and procedures) that exploit vulnerabilities, resulting in adverse impact. Spammers, Terrorists, and Bot-Network Operators are threat sources, while Phishing is a threat event.
Risk and Threat