CRISC Exam: Sub-Categories of Threats


Question

Which of the following are sub-categories of threat? Each correct answer represents a complete solution.

Choose three.


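A. Natural and supernatural

B. Computer and user

C. Natural and man-made

D. Intentional and accidental

E. External and internal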

CDE.

A threat is any event that has the potential to cause a loss.

In other words, it is any activity that represents a possible danger.

The loss or danger is directly related to one of the following:

-> Loss of confidentiality: Someone sees a password or a company's secret formula.

-> Loss of integrity: An e-mail message is modified in transit, a virus infects a file, or someone makes unauthorized changes to a Web site.

-> Loss of availability: An e-mail server is down and no one has e-mail access, or a file server is down so data files aren't available.

Threat identification is the process of creating a list of threats.

This list attempts to identify all the possible threats to an organization.

The list can be extensive.

Threats are often sub-categorized as follows:

-> External or internal: External threats are outside the boundary of the organization.

They can also be thought of as risks that are outside the control of the organization.

Internal threats, by contrast, are within the boundary of the organization.

They could be related to employees or other personnel who have access to company resources.

Internal threats can be related to any hardware or software controlled by the business.

-> Natural or man-made: Natural threats are often related to weather, such as hurricanes, tornadoes, and ice storms.

Natural disasters like earthquakes and tsunamis are also natural threats.

A human or man-made threat is any threat that is caused by a person.

Any attempt to harm resources is a man-made threat.

Fire could be man-made or natural depending on how the fire is started.

-> Intentional or accidental: An attempt to compromise confidentiality, integrity, or availability is intentional.

Employee mistakes or user errors, by contrast, are accidental threats.

A faulty application that corrupts data could also be considered accidental.

Threats can be defined as any potential danger to an organization's assets or information. These threats can come from various sources and can be classified into different categories. Let's examine each of the answer options in detail to determine which ones are sub-categories of threat.

A. Natural and supernatural: This answer option does not accurately represent sub-categories of threats. While natural disasters such as floods, earthquakes, and hurricanes can pose a threat to an organization's assets and information, supernatural threats such as ghosts or paranormal entities do not fall under the category of threat.

B. Computer and user: This answer option also does not accurately represent sub-categories of threat. While users can pose a threat to an organization's assets and information through intentional or unintentional actions, the term "computer" is not a threat category. Instead, it could be considered an asset that can be threatened.

C. Natural and man-made: This answer option correctly represents sub-categories of threats. Natural threats such as earthquakes, floods, and hurricanes are events that occur naturally and can pose a danger to an organization's assets and information. Man-made threats, on the other hand, are caused by human actions and can include cyber-attacks, terrorism, and theft.

D. Intentional and accidental: This answer option also correctly represents sub-categories of threats. Intentional threats are caused by individuals or groups who have malicious intent, such as cybercriminals, hackers, or insiders. Accidental threats are caused by human error or negligence and can include mistakes, misconfigurations, and system failures.

E. External and internal: This answer option also correctly represents sub-categories of threats. External threats come from outside the organization, such as cyber-attacks or physical attacks. Internal threats, on the other hand, come from within the organization and can include insider threats or accidents caused by employees.

Therefore, the correct answers to this question are C. Natural and man-made, D. Intentional and accidental, and E. External and internal.