Cyber Security and Privacy Week 6 NPTEL Assignment Answers 2025

Need help with this week’s assignment? Get detailed and trusted solutions for Cyber Security and Privacy Week 6 NPTEL Assignment Answers. Our expert-curated answers help you solve your assignments faster while deepening your conceptual clarity.

✅ Subject: Cyber Security and Privacy
📅 Week: 6
🎯 Session: NPTEL 2025 July-October
🔗 Course Link: Click Here
🔍 Reliability: Verified and expert-reviewed answers
📌 Trusted By: 5000+ Students

For complete and in-depth solutions to all weekly assignments, check out 👉 NPTEL Cyber Security and Privacy Week 6 Assignment Answers

🚀 Stay ahead in your NPTEL journey with fresh, updated solutions every week!

NPTEL Cyber Security and Privacy Week 6 Assignment Answers 2025

1. Risk management involves three major undertakings:

• Risk Auditing, Risk Assessment, and Risk Control
• Risk Identification, Risk Assessment, and Risk Auditing
• Risk Identification, Risk Assessment, and Risk Control
• Risk Monitoring, Risk Assessment, and Risk Auditing

Answer : See Answers

2. Determine Loss Frequency (Likelihood) comes under:

• Risk Identification
• Risk Auditing
• Risk Monitoring
• Risk Assessment

Answer :

3. Residual risk is a combined function of

• (1) a threat less the effect of threat-reducing safeguards, (2) a vulnerability less the effect of vulnerability-reducing safeguards, and (3) an asset less the effect of asset value-reducing safeguards.
• (1) a threat less the effect of threat-reducing safeguards, (2) a vulnerability plus the effect of vulnerability-reducing safeguards, and (3) an asset less the effect of asset value-reducing safeguards
• (1) a threat plus the effect of threat-reducing safeguards, (2) a vulnerability plus the effect of vulnerability-reducing safeguards, and (3) an asset plus the effect of asset value-reducing safeguards
• (1) a threat plus the effect of threat-reducing safeguards, (2) a vulnerability plus the effect of vulnerability-reducing safeguards, and (3) an asset less the effect of asset value-reducing safeguards

Answer :

4. Risk tolerance defines the quantity and nature of risk that organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility.

• True
• False

Answer :

5. The calculation of the likelihood of an attack coupled with the attack frequency to determine the expected number of losses within a specified time range is called

• Attack Success Probability
• Loss Frequency
• Loss Magnitude
• Probable Loss

Answer : See Answers

6. TechNova Inc. owns Asset A, an online customer transactions database. Industry research suggests there is a 10% probability of a cyberattack against this database in the coming year, based on an estimated frequency of one attack every 10 years. The company’s information security and IT teams estimate that, if such an attack occurs, there is a 50% chance it will be successful given current vulnerabilities and existing security measures. The database has an asset value of 50 on a 0–100 scale, and the teams believe that a successful attack would result in 100% loss or compromise of the asset. Based on current knowledge, the security team believes that these assumptions and data are 90% accurate.

Using the formula: Risk =(Loss Frequency × Loss Magnitude)+ Uncertainty Term Calculate the final risk score for Asset A.

• 2.75
• 2.5
• 3.75
• 2.25

Answer :

7. Which of the following is not true?

• The mitigation risk control strategy attempts to shift risk to other assets, other processes, or other organizations.
• The mitigation risk control strategy reduces the impact of the loss caused by a realized incident, disaster, or attack through effective contingency planning and preparation.
• The mitigation risk control strategy attempts to reduce the impact of an attack rather than reduce the success of the attack itself.
• The mitigation risk control strategy requires the creation of three types of contingency plans: the incident response plan, the disaster recovery plan, and the business continuity plan.

Answer :

8. The process of identifying and documenting specific and provable flaws in the organization’s information asset environment is known as:

• Risk Assessment
• Vulnerability Assessment
• Asset Scanning
• Risk Control

Answer :

9. “Blackmail threat of information disclosure” is an example of:

• Espionage or trespass
• Compromises to intellectual property
• Information extortion
• Sabotage or vandalism

Answer :

10. Which of the following statements is /are true? (Select all that apply. More than one answer may be possible)

• Risk management examines and documents the information technology security being used in an organization.
• A key component of a risk management strategy is the identification and classification of the organization’s information assets, while prioritization is performed only after risk controls are implemented.
• Risk management helps an organization identify vulnerabilities in its information systems and take carefully reasoned steps to assure the confidentiality, integrity, and availability of all components in those systems.
• The goal of risk assessment is to assign a risk rating or score that represents the relative risk for a specific vulnerability of an information asset.

Answer : See Answers