From the course: CompTIA CySA+ (CS0-002) Cert Prep: 7 Compliance and Assessment
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Risk management frameworks
From the course: CompTIA CySA+ (CS0-002) Cert Prep: 7 Compliance and Assessment
Risk management frameworks
- [Instructor] Risk management is a complex topic, and fortunately, organizations don't need to design their own risk management processes from the ground up. Risk management frameworks provide proven, time-tested techniques for performing enterprise risk management. Risk management frameworks may be prescriptive, specifying exact controls that must be used in specific circumstances. Prescriptive frameworks are typically found in highly regulated environments such as credit card processing and healthcare. Risk management frameworks may also use a risk-based approach that allows organizations to select the security controls that they deem appropriate based upon the likelihood and impact of each risk. One of the most widely used risk management frameworks was developed by the National Institute of Standards and Technology, a U.S. federal government agency. The NIST process is mandatory for many government computer systems,…