Cybersecurity Vulnerability

An old adage goes: "The only computer that is not in danger is a computer that is turned off." Cybersecurity professionals must identify and explain the main vulnerabilities in a company's critical infrastructure.

A cybersecurity vulnerability is any weakness that may compromise the CIA triad (confidentiality, integrity, and availability) of a product. A cybersecurity vulnerability can never be completely eliminated; therefore, countermeasures must be in place to limit the damage that a potential attack could do to a business's ability to operate.

The confidentiality, integrity, and availability (CIA) triad is at the core of information system security. Information system security professionals use the CIA triad as a mechanism for quantifying the key security considerations of an information system. When a system is under development, each of the CIA concepts must be considered as part of the system's design objectives. Below is a model of the CIA triad. 

Circular pie diagram showing the components of confidentiality, integrity, and availability in equal portions.
Confidentiality, Integrity, Availability (CIA)

Source: Janet Zimmer

Confidentiality refers to the methods used to protect information from unauthorized disclosure. Protecting the confidentiality of proprietary or sensitive information is of vital importance.

Integrity refers to the processes that ensure the accuracy of information.

Availability addresses the need of a system to provide continued, reliable access to information while maintaining an acceptable level of performance. Consider organizations with technology and services that must be nearly 100 percent available 24 hours a day, 365 days a year, such as financial institutions, emergency service providers, power providers, and communication providers. Every moment that these organizations cannot exchange information, there is the potential for serious financial loss, injury, or even death.

Check Your Knowledge

Question 1
Which of the following is a true statement?
A vulnerability is a covert action with potential harm.
A vulnerability is a weakness that allows a threat to be realized.
A vulnerability is a desirable outcome of a business continuity plan.
A vulnerability gives priority to the functions of the organization.

Question 2
Which of the following is a true statement?
A threat could be necessary for a vulnerability to occur.
A vulnerability could be mitigated by an end-user license agreement (EULA).
A threat by itself does not always cause damage; there must be a vulnerability for a threat to be realized.

Question 3
True or false? Using security policies, standards, procedures, and guidelines helps organizations decrease risk, threats, and vulnerabilities.
True
False

Question 4
What are the four elements of a vulnerability management process?
inventory, focus, assess, and respond
inventory, assess, scanning, and respond
assess, scanning, war dialing, and scanning
credential monitoring, assess, scanning, respond

Question 5
In the CIA triad, what does the I stand for?
inventory
information
identity
integrity

Licenses and Attributions

Confidentiality, Integrity, Availability (CIA) by Janet Zimmer is available under a Creative Commons Attribution-ShareAlike 3.0 Unported license.