Video Description

The follow-on element to risk assessment is that of risk analysis. which we discuss in this video. Once we've identified our assets and the threats against them in the cloud, we must determine the cost of those assets along with the costs associated with protecting. We then go on to discuss the two types of risk analysis:

  • Qualitative Analysis - this is a subjective prioritization, or for all intents and purposes, a gut feeling. The "Delphi Technique" is often used and solicits anonymous input from other team members to help predict risk probability and to prioritize identified risks.
  • Quantitative Analysis - this is an objective approach based on math. Very detailed calculations produce concrete values which allow us to make much more informed decisions regarding risks and the total cost of ownership for assets.

Course Modules

ISC2 Certified Cloud Security Professional (CCSP)