SPēD - SFPC - Risk Management for DoD Security Programs 2023/2024

SPēD - SFPC - Risk Management for DoD Security Programs Which process provides a systematic approach to acquiring and analyzing the information necessary for protecting assets and allocating security resources? - correct answer The risk management process The five steps of the Risk Management Process: - correct answer 1. Asset assessment (nature and value of an asset and the degree of impact if the asset is damaged or lost) 2. Threat assessment (type and degree of threat) 3. Vulnerability assessment (identification and extent of vulnerabilities) 4. Risk assessment (calculation of risks) 5. Countermeasure determination (security countermeasure options that can reduce or mitigate risk - cost effectiveness) Five broad categories for ASSETS - correct answer • Activities & Operations • Equipment • Facilities • Information • People Threat - correct answer A threat is any indication, circumstance, or event with the potential to cause the loss of or damage to an asset. Threat may also be defined as the intention and capability of an adversary to undertake detrimental actions against an asset owner's interests. A threat may include any indication, circumstance, or event with the potential to cause the loss of or damage to an asset. Adversary - correct answer An adversary is any individual, group, organization, or government that conducts activities, or has the intention and capability to conduct activities detrimental to assets. Common examples of adversaries are terrorists, criminals, and foreign intelligence services. Types of Adversaries (6 examples) - correct answer Criminal Economic Espionage Foreign Industrial Espionage Foreign Intelligence Service Insider Terrorist Criminal - correct answer A criminal is an adversary who violates the law causing the loss of or damage to assets. Examples include: violent acts against people, theft, hacking, etc. Economic Espionage - correct answer Economic espionage is the theft or misappropriation of U.S. proprietary information or trade secrets, especially to foreign governments and their agents. Both traditionally friendly nations and recognized adversaries conduct industrial espionage. Foreign Industrial Espionage - correct answer Foreign industrial espionage is industrial espionage conducted by a foreign government or a foreign company with direct assistance of a foreign government against a private U.S. company for the purpose of obtaining commercial secrets. Foreign Intelligence Service - correct answer Foreign intelligence services are organizations that are part of a foreign government and engage in intelligence activities. Insider - correct answer An insider is an adversary who has special access or privileges, e.g., employees, contractors, customers, etc.