The Security and Risk Management Support Materials module provides you with the information required to support your hands-on learning.
- Security and Risk Management Support Materials
The following exam objectives are covered in this lab:
- CAS-002 2.2: Given a scenario, execute risk mitigation planning, strategies and controls
- CAS-002 2.3: Compare and contrast security, privacy policies and procedures based on organizational requirements
Supporting Lab Material - Security and Risk Management Part 1
Security management encompasses the administrative, technical and physical controls necessary to adequately protect the confidentiality, integrity and availability of information assets, known together as the CIA Triad.
Regardless of the size of an organization, security management is an essential task for IT professionals: it ensures that risks are identified beforehand and that controls or restrictions are applied to minimize their impact on the business.
Security management maintains the interrelationships among assessing risk, implementing policies and controls in response to the risks, promoting awareness of the expectations, monitoring the effectiveness of the controls, and using the collected information as a reference point for the next risk assessment.
The following topics are covered:
- Confidentiality, integrity and availability
- Apply security governance principles
- Compliance and frameworks
- Understand legal and regulatory issues
- Understand professional ethics
- Develop and implement documented security policy, standards, procedures, and guidelines
- Understand business continuity requirements
Supporting Lab Material - Security and Risk Management Part 2
Continuing the exploration of security and risk management, the following objectives will now be considered:
- Contribute to personnel security policies
- Understand and apply risk management concepts
- Understand and apply threat modelling
- Integrate security risk considerations into acquisition strategy and practice
- Establish and manage information security education, training, and awareness