PrepAway - Latest Free Exam Questions & Answers

Which of the following components of risk scenarios has the potential to generate internal or external threat

Which of the following components of risk scenarios has the potential to generate internal or

external threat on an enterprise?

PrepAway - Latest Free Exam Questions & Answers

A.
Timing dimension

B.
Events

C.
Assets

D.
Actors

Explanation:

Components of risk scenario that are needed for its analysis are:
Actor: Actors are those components of risk scenario that has the potential to generate the threat
that can be internal or external, human or non-human. Internal actors are within the enterprise like
staff, contractors, etc. On the other hand, external actors include outsiders, competitors, regulators
and the market.
Threat type: Threat type defines the nature of threat, that is, whether the threat is malicious,
accidental, natural or intentional.
Event: Event is an essential part of a scenario; a scenario always has to contain an event. Event
describes the happenings like whether it is a disclosure of confidential information, or interruption
of a system or project, or modification, theft, destruction, etc.
Asset: Assets are the economic resources owned by business or company. Anything tangible or
intangible that one possesses, usually considered as applicable to the payment of one’s debts, is
considered an asset. An asset can also be defined as a resource, process, product, computing
infrastructure, and so forth that an organization has determined must be protected. Tangible asset:
Tangible are those asset that has physical attributes and can be detected with the senses, e.g.,
people,
infrastructure, and finances. Intangible asset: Intangible are those asset that has no physical
attributes and cannot be detected with the senses, e.g.,
information, reputation and customer trust.
Timing dimension: The timing dimension is the application of the scenario to detect time to
respond to or recover from an event. It identifies if the event occur at a critical moment and its
duration. It also specifies the time lag between the event and the consequence, that is, if there an
immediate consequence (e.g., network failure, immediate downtime) or a delayed consequence
(e.g., wrong IT architecture with accumulated high costs over a long period of time).


Leave a Reply