Video Description

This lesson discusses risk management. The instructor emphasizes that organizations should provide just enough security. Essentially, figure out the value of what needs to be protected and look at the threats and vulnerabilities then conduct a cost-benefit analysis to determine how much to spend. Having too little security as well as too much security in place does a disservice to the business. This lesson also covers the following risk related definitions: 1. Risk 2. Threat 3. Vulnerability 4. Exploit 5. Controls 6. Secondary Risk 7. Residual Risk 8. Fallback plan 9. Workaround

Course Modules

ISC2 CISSP - Archive