CRISC Certified in Risk and Information Systems Control – Question130 - CRISC Certified in Risk and Information Systems Control

Which of the following are sub-categories of threat? Each correct answer represents a complete solution. Choose three.

A. Natural and supernatural
B. Computer and user
C. Natural and man-made
D. Intentional and accidental
E. External and internal

Correct Answer: CDE

Explanation:

Explanation:
A threat is any event which have the potential to cause a loss. In other word, it is any activity that represents a possible danger. The loss or danger is directly related to one of the following:

Loss of confidentiality- Someone sees a password or a company’s secret formula, this is referred to as loss of confidentiality. Loss of integrity- An e-mail message is modified in transit, a virus infects a file, or someone makes unauthorized changes to a Web site is referred to as loss of integrity.
Loss of availability- An e-mail server is down and no one has e-mail access, or a file server is down so data files aren’t available comes under loss of availability.
[/*]
Threat identification is the process of creating a list of threats. This list attempts to identify all the possible threats to an organization. The list can be extensive.
Threats are often sub-categorized as under:
[*]
External or internal- External threats are outside the boundary of the organization. They can also be thought of as risks that are outside the control of the organization. While internal threats are within the boundary of the organization. They could be related to employees or other personnel who have access to company resources. Internal threats can be related to any hardware or software controlled by the business.
Natural or man-made- Natural threats are often related to weather such as hurricanes, tornadoes, and ice storms. Natural disasters like earthquakes and tsunamis are also natural threats. A human or man-made threat is any threat which is caused by a person. Any attempt to harm resources is a man-made threat. Fire could be man-made or natural depending on how the fire is started.
Intentional or accidental- An attempt to compromise confidentiality, integrity, or availability is intentional. While employee mistakes or user errors are accidental threats. A faulty application that corrupts data could also be considered accidental.