A security administrator has been conducting a security assessment of Company XYZ for the past
two weeks. All of the penetration tests and other assessments have revealed zero flaws in the
systems at Company XYZ. However, Company XYZ reports that it has been the victim of
numerous security incidents in the past six months. In each of these incidents, the criminals have
managed to exfiltrate large volumes of data from the secure servers at the company. Which of the
following techniques should the investigation team consider in the next phase of their assessment
in hopes of uncovering the attack vector the criminals used?

A security manager at Company ABC, needs to perform a risk assessment of a new mobile device
which the Chief Information Officer (CIO) wants to immediately deploy to all employees in the
company. The product is commercially available, runs a popular mobile operating system, and can
connect to IPv6 networks wirelessly. The model the CIO wants to procure also includes the
upgraded 160GB solid state hard drive. The producer of the device will not reveal exact numbers
but experts estimate that over 73 million of the devices have been sold worldwide. Which of the
following is the BEST list of factors the security manager should consider while performing a risk
assessment?