During a disaster recovery planning session, a security administrator has been tasked with
determining which threats and vulnerabilities pose a risk to the organization. Which of the following
should the administrator rate as having the HIGHEST frequency of risk to the organization?

A.
Hostile takeovers

B.
Large scale natural disasters

C.
Malware and viruses

D.
Corporate espionage

Explanation:
The most common threat to an organization is computer viruses or malware. A computer can
become infected with a virus through day-to-day activities such as browsing web sites or emails.
As browsing and opening emails are the most common activities performed by all users, computer
viruses represent the most likely risk to a business.
Common examples of malware include viruses, worms, trojan horses, and spyware. Viruses, for
example, can cause havoc on a computer’s hard drive by deleting files or directory information.
Spyware can gather data from a user’s system without the user knowing it. This can include
anything from the Web pages a user visits to personal information, such as credit card numbers.