Module Summary

Time
5 hours 58 minutes
Difficulty
Intermediate
CEU/CPE
6
Video Transcription
00:00
Welcome back to Cybrary's ISSEP course. I'm your instructor, Brad Rhodes.
00:04
Well, we have made it to the end of module three, domain two of ISSEP. This is our risk management module. So let's jump into our summary.
00:13
In this video, we're going to talk about these areas. We're talking about enterprise risk management,
00:19
context, analysis, evaluation, findings and decisions. The next one, we're gonna talk about risk tolerance, remediation and treatment options, and our goal here, like I said previously in another module summary, is to give you the things you need to remember as it relates to the content.
00:36
So in enterprise risk management, we need to remember the three levels, right? It's all about organization, that's Tier one; mission/business process, that's Tier two; and then systems, the hands-on-keyboard focus, that's Tier three. And what we do with risk is different in each of those levels.
00:54
The next one we want to talk about is risk context, evaluation, analysis and evaluation.
00:59
This is all about attitude and appetite, right? This is all about how much tolerance you have. What risk are you willing to accept? Are you the tightrope walker that walks the tightrope across the canyon without a safety harness, i.e., highly tolerant of risk? Or are you low tolerance, and you strap on as many potential harnesses as you can,
01:18
right? So that's what we're talking about there.
01:19
Um, we talk about risk findings and decisions. It is imperative that we communicate results. Uh, if we identify a high-risk area and we don't communicate that immediately and east, you know, check fire on the range, if you will, you're doing something wrong. Bad news does not get better with time. We need to communicate
01:38
high-risk findings immediately to the Tier one
01:42
organization executive level.
01:46
In stakeholder risk tolerance, this is all about uncertainty, right? What's acceptable to our stakeholders. And remember, stakeholders can be anyone who believes they're impacted by this system or product that you're working on.
01:57
We talk about risk remediation. I need to remember POA&Ms. Remember the fact that it's a, it's a
02:02
a POA&M is how we track
02:06
risk changes in a change management system. So remember, POA&M.
02:09
And then finally we talked about risk treatment options, and we talked about the fact that we never get to zero risk. That is a falsehood. We're always going to have residual risk. And it's imperative as ISSEPs that we manage that residual risk for our organizations.
02:25
So in this video, we did a summary of module
02:30
three, domain two, risk management for ISSEP. We talked about these areas in terms of risk management: context, analysis, evaluation, findings, decisions. We talked about our stakeholders, again talked about risk remediation. We talked about the different treatment options and the fact that we have to manage residual risk.
02:47
Well, we're moving right along. Let's jump in next to module four, domain three of ISSEP.
02:55
We'll see you there.
Information Systems Security Engineering Professional (ISSEP)

This ISSEP course provides students with the foundational knowledge of the concentration area of the CISSP certification that includes a focus on the processes used to develop secure systems. Students will learn key concepts and skills of the five ISSEP domains.
