Did you know Cybrary has FREE video training? Join more than 2,500,000 IT and cyber security professionals, students, career changers, and more, growing their careers on Cybrary.
Now that we've discussed confidentiality, integrity & availability, explored the types of attacks our systems encounter, and looked at layered defense strategies we can deploy, we now want to focus on Risk. Risk from an information security perspective is important because "every decision you make as a CISSP starts and is based upon Risk." Along with risk, you must think cost benefit analysis (CBA). For example, you'll learn what the means, and what it means to properly identify and valuating the companies data and assets. You'll explore how to provide cost effective solutions and design effective mitigation strategies. And finally, in rounding out Risk Definitions segment of our Information Security Governance & Risk Management Chapter, we'll discuss at length some key definitions by clarifying what an asset is, and explaining other terms including "controls", "exploit," and "threat agent."