L
Level of Concern
The rating which indicates which protection tactics and processes should be applied to an information system to keep it safe and operating at an optimum level. A level of concern can be basic, medium or high.
Likelihood of Occurrence
The probability of a vulnerability being exploited. This information is normally included in an organization’s Risk Management Plan. Both the probability of the risk event occurring as well as the estimate of the potential impact or damage if the event occurred.
Locky
Ransomware that is delivered by email containing what appears to be a legitimate invoice, but is actually a Microsoft word document that contains malicious macros. It is a 32bit windows executable packed in a crypter/droper, that once the dropped copy is launched it is renamed svchost.exe and begins encrypting files. This ransomware campaign has been associated with the Dridex cyber criminal organization.
Logic Bomb
code intentionally inserted into software, that is triggered to perform a malicious function once certain, pre defined conditions are met. This is a security concern that should be considered when a programmer or security professional is fired from a company. They could insert a piece of code into the system that could delete important files once their accesses are removed from the active directory.
Low Impact
a security item, to include vulnerabilities or cyber threats, that, if exploited, would cause minimal loss, or have minor impact to the confidentiality, integrity or availability to the information system. This would include the potential damage to the company’s financials, reputation, ability to function or harm to its people.