Ongoing Monitoring

Video Activity

This lesson covers the importance of risk management as an ongoing activity. Risks to data security must be monitored constantly to detect if new risks have arisen or if mitigation strategies are no longer effective. Strategies must be in place to address new risks as they are discovered. Risks can never be eliminated, only minimized to levels acce...

Join over 3 million cybersecurity professionals advancing their career

Sign up with

Required fields are marked with an *

or

Sign up with Google

Sign up with Apple

Sign up with Microsoft

View all SSO options

Already have an account? Sign In »

Chief Information Security Officer (CISO)

Course

Time

3 hours 54 minutes

Difficulty

Advanced

CEU/CPE

4

Video Description

This lesson covers the importance of risk management as an ongoing activity. Risks to data security must be monitored constantly to detect if new risks have arisen or if mitigation strategies are no longer effective. Strategies must be in place to address new risks as they are discovered. Risks can never be eliminated, only minimized to levels acceptable to senior management.

Video Transcription

00:04

Okay, So in looking with risk management, we've talked about risk assessment, which basically, we're gonna identify, evaluate our assets and we're gonna think about threats and vulnerabilities. Then we move into risk analysis where we want to get a value. We're looking to figure out what is the potential for loss.

00:21

No said. There's qualitative risk analysis

00:24

that's more subjective in nature. We're going to use words like very likely unlikely or high probability, medium probability, very subjective and quantitative analysis, which is more objective. It's more fact based numeric or empirical data

00:43

eso looking for value

00:45

with analysis. And then we look to mitigate a risks we look to reduce, which is less than the probability and or impact we look to trans. First, that we can share in the potential for loss. Or sometimes when the cost of the counter measures just too expensive, we accept the risk.

01:03

So those were the main elements of a risk, and just the last slide in this chapter,

01:07

keeping in mind that risks never go away. You know, we really don't eliminate risks usually are big thing that we do is we reduce risks to a level that's acceptable by senior management, right? We've talked about that idea again and again. Well, ultimately, once we get that risk, too,

01:27

the specific level that senior management wants

01:30

now we've got to keep tracking, making sure that it stays at that level. We constantly have new threats emerging every single day, something new. There's some new way to do the same old stuff, whether it's fraud or theft or or whatever that may be.

01:47

So we have to stay very knowledgeable of emerging trends,

01:52

of emerging threat, new vulnerabilities that are popping up in the software that were using. And we constantly have to make sure that we're operating within the confines off. What management feels like is an acceptable level of risk. That's our jobs, information, security officers. So we've

02:10

done all of those elements to manage with risk.

02:13

Now we're gonna continue to monitor to make sure we stay in the right place.

Up Next

Purpose of Security Strategy

Management Responsibilities

Questions and Pitfalls

Intro and Liability

Instructed By

Kelly Handerhan

Senior Instructor

Similar Content

Incident Response Lifecycle

Incident Response Lifecycle

Want to build on your foundational knowledge of cybersecurity incident response? By taking this Incident ...

5CEUs

Become a CISO

Taught by CISOs for CISOs, this Career Path has developed thousands of executives worldwide. Interact ...

Privacy Program Management

Privacy Program Management

An effective Privacy Program protects you from liability associated with data disclosure and demonstrates to ...

4CEUs