2. TRUE or FALSE In ISO Common Criteria for Information Technology and Security Evaluation, EAL 4 provides higher assurance than EAL 7 at a lower cost.
9. TRUE or FALSE Security controls are the (main) mechanisms/means used to reduce risk consequence and risk likelihood.
Explain the difference between a vulnerability, threat, and control. Define each and please provide an example of each.
Most security models categorize controls into three types: management, operational, and technical. Describe each of these categories, and provide two examples of controls that would fall within each category.