Overview/Description
Familiarity with key terms and concepts associated with security risk enables security leaders to identify, evaluate, and prioritize security risks. In this course, you'll get familiar with the terminologies, activities, and concepts associated with a security risk management process. You'll start by discovering the interdependence between assets, vulnerabilities, threats, and risks. You'll then investigate how to assess risk probability, measure the impact created by it, and the difference between risk appetite and risk tolerance. Next, you'll examine the components, benefits, and stages of a risk management process. You'll also identify different methods of treating risk and the importance of implementing controls as a part of a risk-based approach. Lastly, you'll recognize the standards for risk management and the advantages of managing and assessing security risk.
identify the similarities and differences between likelihood and probability assessment
recognize the role of vulnerabilities in risks and the correlation between risk and threat
outline risk probability, the impact generated by it, and how to measure it using a risk score
describe risk severity and identify various risk security levels
identify potential risks that may exist within an organization and differentiate between risk appetite and risk tolerance
define the concept and advantages of a risk management process
recognize the importance of a risk management plan and identify its components
describe the role of a risk register in managing risk and outline the elements of risks listed within it
describe the features of different risk treatment methods
recognize the importance of managing risk and implementing a risk-based approach
outline the elements of the COBIT 5 framework and describe the ISO 31000 standard for risk management
list the three key stages of a risk management process: risk identification, risk assessment, and risk management
illustrate the importance of security risk assessment in preempting and preparing for risks, prioritizing risks, and identifying assets to be protected