b. An employee clicking a phishing link A threat actor refers to an individual or entity that poses a threat to an organization's security, typically by engaging in malicious activity. An employee clicking a phishing link can be considered a threat actor, as their action may open the door for potential security breaches. In contrast, a password, antivirus program, and firewall serve protective roles rather than acting as threats.

The term that describes the quality of being genuine in data is **c. Authenticity**.

In the context of cybersecurity, 'Seclusion' typically refers to the concept of keeping certain data or systems isolated from unauthorized access or exposure. The closest option that aligns with this definition is: **b. Storing something in a hidden location** This means keeping sensitive information secured and out of reach from unauthorized users or threats.

b. Advise or mandate actions to influence behavior 'Directive Control' refers to security measures that provide guidance on how to conduct activities in order to manage risks and influence behavior in a desired direction.

The term 'Control Gap' in risk management refers to: **c. Portion of risk not covered by controls** A control gap indicates areas where existing controls do not sufficiently mitigate identified risks, leaving an organization's operations exposed to potential threats.

The key purpose of a security 'procedure' is: **c. Step-by-step implementation instructions** Procedures are designed to provide specific, detailed steps that must be followed to ensure compliance with security policies and to effectively manage security risks.

c. Substitutes for primary control that cannot be implemented Compensating controls are alternative measures put in place to meet a security requirement when the primary control cannot be implemented effectively.

The primary security concern with 'Data in Transit' is **c. Interception and tampering**. This refers to the risk that data being transmitted over networks can be intercepted by unauthorized parties or altered during transmission, potentially leading to breaches of confidentiality and integrity.

c. MBR Virus An MBR (Master Boot Record) virus specifically targets and infects the master boot record of a storage device, which is crucial for the booting process of an operating system.

The main purpose of a 'baseline' in security documentation is: **b. Sets minimum acceptable security levels** A baseline establishes the minimum standards and requirements for security measures within an organization, helping to ensure compliance and consistency in security practices.

The control framework known for the publication SP 800-53 is **c. NIST** (National Institute of Standards and Technology).

The correct answer is **b. Data Custodian**. The Data Custodian is typically responsible for implementing access controls according to the specifications set by the Data Owner.

In STRIDE threat modeling, 'S' stands for **Spoofing**.

c. Risk Management ISO 31000 is a standard that provides guidelines on risk management principles and processes. It is designed to help organizations manage risks effectively and is applicable to any organization regardless of size, industry, or sector.

c. Detective Detective controls are designed to identify and detect security breaches or incidents after they have occurred.

c. Operational

In quantitative risk analysis, 'SLE' stands for **b. Single Loss Expectancy**.

c. Ransomware