CISM

Course
Time
12 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
9

Video Transcription

00:01
All right. The last little piece of this section: the IT risk assessment report. So we've identified our risks, and we've assessed them. We've determined their value. Now, this information is going to help us analyze what the appropriate risk management strategies are going to be.
00:18
Usually this is information that is separate from the risk register.
00:23
However, some of the information in your risk assessment report will go in the risk register, and again, the gap analysis: where we are versus where we want to be. So ultimately, this is going to be a document that we're going to present to senior management.
00:39
It's going to indicate the areas where we consider ourselves to still be vulnerable,
00:45
meaning where we feel like we have residual risk that's outside of the acceptable limits. Because if we do have more risk than we're willing to accept, then we need to act on it. Okay, so we're going to make some recommendations. We see that maybe we need further mitigation in the event of
01:04
an internal
01:07
malicious user. Right. And that's going to be part of our recommendation. So we collect information, we present it. We also make recommendations, including prioritization,
01:21
and ultimately we're going to go through, as part of this report. Like I said, this report is a formalized document for senior management. So we'll go through and talk about what our purpose with the risk assessment was. We'll talk about any techniques we used for risk assessment. We'll talk about
01:40
the scope, which means how large the assessment was, what it was particular to,
01:46
any type of information, how our risk context impacted us, the quality of the data, like we've already talked about. So basically everything that we've done up to this point as a CISM, we're now going to collect that information, and we're going to finalize it in a report.
02:05
And again, usually what we're looking to do here is to get management's backing
02:09
for the mitigation strategies that we want to put in place.
02:15
Ultimately, senior management, like we've said, has the ownership of the risk, and that should be documented. Ultimately, the owner of the data, the owner of the system, they're the ones capable of approving and implementing mitigation,
02:35
and they're the ones who choose the mitigation strategy
02:38
That needs to be documented also, right? We want that clear path of reporting, and it's important that ownership be high enough, to an individual within the organization who can sign the checks and actually authorize the changes.
02:54
So that leads us to a wrap-up of the assessment process. Remember, we've still got four: identify, assess. So what's coming up next is going to be risk mitigation, where we take all this information that we've collected and we figure out how we're going to bring residual risk
03:14
down to within an acceptable level?


Cybrary's Certified Information Security Manager (CISM) course is a great fit for IT professionals looking to move up in their organization and advance their careers and/or current CISMs looking to learn about the latest trends in the IT industry.

Instructed By

Kelly Handerhan
Senior Instructor