System-specific risk analysis

In this video, learn the four goals of risk analysis: to identify assets or asset value, identify vulnerabilities or threats, calculate threat probability or impact, and balance the threat impact with countermeasure cost.

- [Instructor] A risk analysis is a tool…used during risk management…to identify vulnerabilities and threats,…to assess their impact,…and to determine what controls to utilize.…This can also be termed a risk assessment.…There are four goals in risk analysis:…identifying assets and their value,…identifying vulnerabilities and threats,…calculating threat probability and impact,…and balancing the threat impact…with the cost of countermeasures.…The organization's management and the risk analysis team…determine which assets and threats to include…prior to starting the risk analysis or assessment.…

Based on this selection,…the project is scoped to the proper size.…The list of assets and threats…should be provided to management for approval…which then finalizes the budget…for the risk assessment project.…Risk assessments should be conducted…prior to any new mergers, acquisitions,…or deployment of new technologies.…Basically, any time you have a large change,…you should conduct a risk assessment.…These risk assessments can identify areas…

Resume Transcript Auto-Scroll

Author

Jason Dion

Skill Level Advanced

2h 34m

Duration

47,875

Views

Show More Show Less

Introduction
- Welcome
  1m 11s
- What you should know
  1m 10s
- About the exam
  1m 43s
- Risk management fundamentals
  3m 39s
1. Risk Mitigation Strategies and Controls (Obj. 1.3)
- The CIA triad
  3m 45s
- Data security classification
  2m 40s
- Stakeholders input into CIA decision making
  58s
- Access control categories
  2m 34s
- Access control types
  2m 1s
- The aggregate CIA score
  3m 23s
- Extreme scenario and worst-case scenario planning
  5m 3s
- Extreme scenario and worst-case scenario example
  3m 43s
- System-specific risk analysis
  1m 21s
- Risk determination
  2m 4s
- Magnitude of impact
  3m 13s
- Likelihood of threat
  2m 48s
- Return on investment
  5m 5s
- Total cost of ownership
  1m 43s
- Risk management strategies
  2m 51s
- Risk management process
  4m 2s
- Continuous improvement and monitoring
  1m 11s
- Business continuity planning (BCP)
  2m 44s
- IT governance
  4m 45s
2. Business and Industry Influences and Associated Security Risks (Obj. 1.1)
- Risk management of new products, technologies, and user behaviors
  2m 11s
- Business models and strategies
  42s
- Partnerships
  1m 10s
- Outsourcing
  1m 55s
- Third-party outsourcing and security
  3m 1s
- Cloud
  2m 20s
- Acquisition or mergers and divestiture or demerger
  2m 40s
- Integrating diverse industries
  3m 17s
- Internal and external influences
  3m 6s
- De-perimeterization
  3m 38s
3. Security, Privacy Policies, and Procedures in Risk Management (Obj. 1.2)
- Changes and policy development
  2m 42s
- Changes and process or procedure development
  1m 33s
- Legal and regulatory compliance
  6m 20s
- Risk assessment or Statement of Applicability
  1m 57s
- Business Impact Analysis
  5m 19s
- Interoperability Agreement and Interconnection Security Agreement
  2m 3s
- Memorandum of Understanding
  1m 27s
- Service Level Agreement and Operating Level agreement
  1m 16s
- Non-Disclosure Agreement
  1m 3s
- Business Partnership Agreement
  1m 4s
- Master service agreement
  1m 1s
- Privacy considerations
  1m 39s
- Separation of duties
  1m 52s
- Job rotation and mandatory vacations
  57s
- Least privilege
  1m 50s
- Incident response
  4m 57s
- Digital forensics
  1m 47s
- Employment and termination procedures
  2m
- Continuous monitoring
  1m 32s
- User training and awareness
  2m 30s
- Auditing requirements and frequency
  1m 49s
4. Measurements and Metrics in Risk Management (Obj. 1.4)
- Benchmarks and baselines
  1m 42s
- Prototyping and multiple test solutions
  1m 38s
- Cost benefit analysis
  1m 12s
- Metrics collection and analysis
  2m 23s
- Analyzing and interpreting trend data
  2m 9s
- Reviewing security controls
  1m 25s
- Reverse engineering and deconstructing security solutions
  1m 17s
- Analyzing security solutions to meet your business' needs
  3m 55s
- videos learned and after-action reports
  1m 29s
- Solving difficult problems that have no right answer
  1m 47s
Conclusion
- Next steps
  1m

Show MoreShow Less

Take notes with your new membership!

Type in the entry box, then click Enter to save your note.

1:30Press on any video thumbnail to jump immediately to the timecode shown.

Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.

Start My Free Month

Skills covered in this course

Lynda.com is now LinkedIn Learning!

To access Lynda.com courses again, please join LinkedIn Learning

Categories

3D + Animation Topics

3D + Animation Software

3D + Animation Learning Paths

Audio + Music Topics

Audio + Music Software

Audio + Music Learning Paths

Business Topics

Business Software

Business Learning Paths

Business Guides

CAD Topics

CAD Software

CAD Learning Paths

Design Topics

Design Software

Design Learning Paths

Developer Topics

Developer Software

Developer Learning Paths

Education + Elearning Topics

Education + Elearning Software

Education + Elearning Learning Paths

IT Topics

IT Software

IT Learning Paths

Marketing Topics

Marketing Software

Marketing Learning Paths

Photography Topics

Photography Software

Photography Learning Paths

Video Topics

Video Software

Video Learning Paths

Web Topics

Web Software

Web Learning Paths

Web Guides

System-specific risk analysis

Author

Skill Level Advanced

Duration

Views

Introduction

1. Risk Mitigation Strategies and Controls (Obj. 1.3)

2. Business and Industry Influences and Associated Security Risks (Obj. 1.1)

3. Security, Privacy Policies, and Procedures in Risk Management (Obj. 1.2)

4. Measurements and Metrics in Risk Management (Obj. 1.4)

Conclusion

Take notes with your new membership!

Skills covered in this course

Continue Assessment

Start My Free Month