Did you know Cybrary has FREE video training? Join more than 2,500,000 IT and cyber security professionals, students, career changers, and more, growing their careers on Cybrary.
Now we'll look at the sources of risk from the conceptual side. Think of the formula: Threat x Vulnerability = Risk, there has to be a threat and a vulnerability in order to have a Risk. We'll look at examples of risk sources, learn what their impact is or could be from a security perspective and how they come about. As an example, a disgruntled employees is discussed, along with week access controls and poor physical security. We'll discuss Change Management. You'll review at all the components of change management and why having well-documented materials as part of a sound change management process is critical to any information system governance standard and risk management process. We'll also examine the effects having little or no change control process, and look at some of the shortcomings that cause significant security breaches when a solid change management system and documentation process is not in place. And finally, you can't discuss Sources of Risk without including the lack of redundancy and having poorly trained end-users. These situations are examined thoroughly because they tend to represent the most prevalent source of risk and threat to data security, so we'll examine how that happens and why.