In this video, learn the four goals of risk analysis: to identify assets or asset value, identify vulnerabilities or threats, calculate threat probability or impact, and balance the threat impact with countermeasure cost.
- [Instructor] A risk analysis is a tool used during risk management to identify vulnerabilities and threats, to assess their impact, and to determine what controls to utilize. This can also be termed a risk assessment. There are four goals in risk analysis: identifying assets and their value, identifying vulnerabilities and threats, calculating threat probability and impact, and balancing the threat impact with the cost of countermeasures. The organization's management and the risk analysis team determine which assets and threats to include prior to starting the risk analysis or assessment.
Based on this selection, the project is scoped to the proper size. The list of assets and threats should be provided to management for approval, which then finalizes the budget for the risk assessment project. Risk assessments should be conducted prior to any new mergers, acquisitions, or deployment of new technologies. Basically, any time you have a large change, you should conduct a risk assessment. These risk assessments can identify areas…
Released 4/5/2018
We are a CompTIA Content Publishing Partner. As such, we are able to offer CompTIA exam vouchers at a 10% discount. For more information on how to obtain this discount, please download these PDF instructions.
- Risk mitigation strategies and controls
- Data security classification
- Extreme scenario and worst-case scenario planning
- Risk management of new products, technologies, and user behaviors
- Business models and strategies
- Third-party outsourcing and security
- Integrating diverse industries
- Security, privacy policies, and procedures in risk management
- Metrics collection and analysis
- Analyzing security solutions
Skill Level Advanced
Introduction
- Welcome (1m 11s)
- What you should know (1m 10s)
- About the exam (1m 43s)
- Risk management fundamentals (3m 39s)

1. Risk Mitigation Strategies and Controls (Obj. 1.3)
- The CIA triad (3m 45s)
- Data security classification (2m 40s)
- Access control categories (2m 34s)
- Access control types (2m 1s)
- The aggregate CIA score (3m 23s)
- Risk determination (2m 4s)
- Magnitude of impact (3m 13s)
- Likelihood of threat (2m 48s)
- Return on investment (5m 5s)
- Total cost of ownership (1m 43s)
- Risk management strategies (2m 51s)
- Risk management process (4m 2s)
- IT governance (4m 45s)

2. Business and Industry Influences and Associated Security Risks (Obj. 1.1)
- Partnerships (1m 10s)
- Outsourcing (1m 55s)
- Cloud (2m 20s)
- De-perimeterization (3m 38s)

3. Security, Privacy Policies, and Procedures in Risk Management (Obj. 1.2)
- Business Impact Analysis (5m 19s)
- Memorandum of Understanding (1m 27s)
- Non-Disclosure Agreement (1m 3s)
- Master service agreement (1m 1s)
- Privacy considerations (1m 39s)
- Separation of duties (1m 52s)
- Least privilege (1m 50s)
- Incident response (4m 57s)
- Digital forensics (1m 47s)
- Continuous monitoring (1m 32s)
- User training and awareness (2m 30s)

4. Measurements and Metrics in Risk Management (Obj. 1.4)
- Benchmarks and baselines (1m 42s)
- Cost benefit analysis (1m 12s)
- Reviewing security controls (1m 25s)

Conclusion
- Next steps (1m)
Video: System-specific risk analysis