You are conducting a risk assessment based on NIST SP 800-30 R1, in which adversarial threat events are expressed as tactics, techniques, and procedures (TTPs). Which of the following risk factors best describes an adversarial threat event? (Wentz QOTD)
A. Fire at the primary facility
B. Compliance with technical standards
C. Perform network sniffing of exposed networks
D. Inability to perform current missions/business functions
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. Perform network sniffing of exposed networks.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.
Reference
您正在根據 NIST SP 800-30 R1 進行風險評鑑,其中對抗性威脅事件表示為戰術、技術和程序 (TTP)。 以下哪個風險因素最能描述敵對威脅事件? (Wentz QOTD)
A. 主要設施發生火災
B. 符合技術標準
C. 對暴露的網路執行網路嗅探
D. 無法執行當前任務/業務功能