What is a vulnerability?1 pointAnything that can impact the confidentiality, integrity, or availability of an assetAny circumstance or event that can negatively impact assetsAn organization’s ability to manage its defense of critical assets and data and react to changeA weakness that can be exploited by a threat

Vulnerability to poverty is a measure,which describes the greaterprobability of certain communities(say, members of a backward caste)or individuals (such as a widow or aphysically handicapped person) ofbecoming, or remaining, poor in thecoming years. Vulnerability isdetermined by the options availableto different communities for findingan alternative living in terms ofassets, education, health and jobopportunities. Further, it is analysedon the basis of the greater risks thesegroups face at the time of naturaldisasters (earthquakes, tsunami),terrorism etc. Additional analysis ismade of their social and economicability to handle these risks. In fact,vulnerability describes the greaterprobability of being more adverselyaffected than other people when badtime comes for everybody, whether aflood or an earthquake or simply afall in the availability of jobs!

Question 4Fill in the blank: According to the CVE® list, a vulnerability with a score of _____ or above is considered to be a critical risk to company assets that should be addressed right away.1 point14119

True or False. A vulnerability is a small piece of software code, part of a malformed data file, or a sequence – string - of commands created by an attacker to cause unintended or unanticipated behavior in a system or software.1 pointTrueFalse

Vulnerability DescriptionThe activities that you will undertake are as follows:1. Describe and explain the vulnerability with a high level of technical detail in your ownwords. A copy of a CVE report is not acceptable, and a superficial description willattract low marks. The description must include outcomes of the vulnerability, i.e. whatit can be used for, what level of access it provides, and which systems are affected by thevulnerability.2. Describe and explain mitigation and prevention strategies that can be used to protectagainst the vulnerability. These should be specific strategies for the chosen vulnerability,and you must provide sufficient detail. For example, simply saying “there is a patch” isnot enough, but you should provide detailed information, such as a patch number or aversion number of the software that fixes the problem.3. Describe how to demo the exploit of the vulnerability. This plan should list the requiredsoftware, operating systems, code etc. that is required and provide an overview on how anexploitation demonstration will work.

What are the financial and reputation impacts of vulnerability-related incidents?