Question Scenario: -You are appointed as the CIO for company A, your first day of the job is the next coming Monday. The first step you should take when you join this position is to sit with management and understand the position of the company. What they know and what they have already implemented as security measures in their company.

The CEO asked you to start from scratch and assume that there is no Security Policy at all. You Decide to start with the Risk Assessment and reporting that to management. So that they can create proper policies and you can start doing your work.

When you were doing the risk assessment, you found a lot of vulnerabilities and the majority of them also had threats associated with it. Some were going to affect confidentiality, some may damage integrity, and some may compromise the availability components of your organization. You complete the qualitative risk assessment, and quantitative risk assessment, and also try to get some asset valuation using the Delphi method.

Question:- When you were doing your assessment, what was that against which you considered threats which you used to evaluate risks and vulnerabilities?

a.) CIA Triad Principles

b). Amount of Money Company may suffer loss for

c). Value of Assets and Operations
d). Reputation Damage of Company

Answer:- The simple answer which majority of people will fail to answer is a). CIA Triad Principle.
Well whenever we are evaluating anything for security point of view, we always check these principles.

  1. ask yourself, is there any possibility to steal the data?
  2. any way to change the data?
  3. or any way in which someone can make other’s not access the data?

that is what the CIA in essence all about, and this summarizes all other Given options in itself only.

I know 70% people will fail to answer my question but if you are in 30% a very very big congratulations. maybe I can win from you on my another question at

interested to learn from me? check out my free training at