CRISC

Course time: 5 hours 20 minutes
Difficulty: Advanced
CEU/CPE: 7

Video Description

This lesson offers a review of the module's key points:
- Risk response strategies
- Risk reduction
- Business continuity

Video Transcription

00:03
All right, so let's go ahead and wrap up what we've talked about here in module four. Let's do our review. This chapter, of course, was about risk management, and specifically we talked about risk responses. So here, with our risk response strategies, we looked at risk reduction first.
00:20
So with risk reduction, we want to lessen either the probability, really the probability
00:24
and/or the impact of a risk. We want to bring those down to levels that match our company's risk corridor, so that we operate within that risk corridor. So,
00:42
when we reduce a risk, we're left with residual risk, and it's that residual risk that has to be within the tolerance of our organization.
00:52
Now, the most stringent form of risk reduction is risk avoidance. If you lessen probability or impact to zero, well, you've avoided the risk. The problem with that is, we don't really think in terms of avoiding all risks. There may be a particular risk you can avoid,
01:10
but you can't avoid them all. So usually we focus on that risk reduction.
01:14
Now, another option is to transfer risk. We talked about that being insurance, service level agreements, contract modification, but we're going to share in the loss associated with the risks.
01:23
The other option is to simply accept the risk. But we have to make sure we've done our due diligence, and we can document why we chose to accept the risk and we leave a paper trail. We would never want to be found to be liable for failing to protect the company's assets.
01:38
All right, now, in the next section, we looked at policies like separation of duties, dual control, mandatory vacations, as ways to reduce risks. And then we looked at technology, many technological elements that we can use, whether they're firewalls or cryptography, access control lists,
01:57
whatever those may be,
01:59
always the answer's in a layered defense. There is no one device that will protect you, so we have layer after layer after layer,
02:07
and we wrapped up by talking about business continuity. We have to remember risk management will not always be successful. There will be risks we failed to identify. There will be risks that are larger than we figured for, if you will. There will be
02:25
risks that were not properly mitigated, where the mitigation strategies fail.
02:30
There are all sorts of reasons that risk mitigation may leave us with more damage, more loss than we anticipated. That's okay, because we have a robust business continuity plan. We're going to be okay. We're going to land on our feet. So it's really important to understand that relationship:
02:47
that risk management is for those commonly expected
02:51
events that we really think are going to happen, the things that have a medium or a high probability. Business continuity is for what falls through the cracks.
03:02
Now, in our next chapter, we're going to be moving on, talking about monitoring and controlling risks. And we always have to remember you're never done with risk management, so we'll tackle that in chapter five.

Up Next

CRISC

Archived Certified in Risk and Information Systems Control is for IT and business professionals who develop and maintain information system controls, and whose job revolves around security operations and compliance.

Instructed By

Kelly Handerhan
Senior Instructor