Systems Security Certified Practitioner – SSCP – Question0632

What can be defined as an event that could cause harm to the information systems?

A. A risk
B. A threat
C. A vulnerability
D. A weakness

Correct Answer: B

Explanation:

A threat is an event or activity that has the potential to cause harm to the information systems. A risk is the probability that a threat will materialize. A vulnerability, or weakness, is a lack of a safeguard, which may be exploited by a threat, causing harm to the information systems.

Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 1: Access Control Systems (page 32).