Module Summary

Time
5 hours 58 minutes
Difficulty
Intermediate
CEU/CPE
6
Video Transcription
00:00
>> Welcome back to Cybrary's ISSEP course,
00:00
I'm your instructor, Brad Rhodes.
00:00
Well, we have made it to the end of module three,
00:00
domain two, and this is our risk management module.
00:00
Let's jump into our summary.
00:00
In this video, we're going to talk about these areas.
00:00
We're talking about enterprise risk management,
00:00
context, analysis, evaluation, findings, and decisions,
00:00
and the next one we're going to talk about
00:00
is tolerance, remediation,
00:00
and treatment options, and our goal here,
00:00
like I said previously in
00:00
other module summaries, is to give you
00:00
the things you need to
00:00
remember as it relates to the ISSEP content.
00:00
In enterprise risk management,
00:00
we need to remember the three levels.
00:00
It's all about organization.
00:00
That's tier 1,
00:00
mission business process, that's
00:00
tier 2, and then system,
00:00
so the hands-on keyboard focus,
00:00
that's tier 3,
00:00
and what we do with risk is
00:00
different in each of those levels.
00:00
The next one we want to talk about is
00:00
risk analysis and evaluation.
00:00
This is all about attitude and appetite, right?
00:00
This is all about how much tolerance you have.
00:00
What risk are you willing to accept?
00:00
Are you the tightrope walker that walks
00:00
the tightrope across the canyon
00:00
without a safety harness?
00:00
Are you highly tolerant of
00:00
risk or are you low tolerance and you
00:00
strap on as many potential harnesses as you can, right?
00:00
That's what we're talking about there.
00:00
When we talk about risk findings and decisions,
00:00
it is imperative that we communicate results.
00:00
If we identify a high-risk area
00:00
and we don't communicate that immediately,
00:00
and AES check fire on the range, if you will.
00:00
You, you're doing something wrong.
00:00
Bad news does not get better with time.
00:00
We need to communicate high-risk findings
00:00
immediately to the tier 1 organization executive level.
00:00
In stakeholder risk tolerance,
00:00
this is all about uncertainty.
00:00
What's acceptable to our stakeholders?
00:00
Remember, stakeholders can be anyone who
00:00
believes they are impacted by
00:00
the system or product that you're working on.
00:00
When we talk about risk remediation,
00:00
I need you to remember POA&Ms.
00:00
Remember the fact that a POA&M is how
00:00
we track risk changes in a change management system.
00:00
So remember POA&Ms, and then finally we talked about
00:00
risk treatment options and we talked about
00:00
the fact that we never get to zero risks.
00:00
That is a falsehood; we are
00:00
always going to have residual risk,
00:00
and it's imperative as SEs that we manage
00:00
that residual risk for our organizations.
00:00
In this video, we did a summary of Module 3,
00:00
domain 2, risk management for ISSEP.
00:00
We talked about these areas in terms of risk management,
00:00
context, analysis, evaluation, findings, decisions.
00:00
We talked about our stakeholders again,
00:00
talked about risk remediation,
00:00
and we've talked about the different
00:00
treatment options and the fact
00:00
that we have to manage residual risk.
00:00
Well, we're moving right along.
00:00
Let's jump in next to Module 4,
00:00
domain 3 of ISSEP. We'll see you there.