1 hour 39 minutes
This is risk management and information technology.
In this lesson, we will be discussing the risk assessment process,
how risk is calculated and the different risk assessment methodologies.
Let's start by talking about risk assessment. Calculating risk, or risk assessment, is usually done by a third party or auditing group.
In general, large organizations are audited by a third party to ensure impartial assessments that follow best practices in that industry.
Third-party organizations are also capable of determining the proper scope of the research and assessment.
They are also able to calculate the liability of the risk following industry standards.
This allows the third-party auditors to produce a reliable measurement of the risk in line with the industry that the organization is in.
So how does the risk assessment process work?
First, upper management initiates the assessment
by defining the scope with regard to the business unit or part of the organization, such as ICT operations.
The hired risk assessment team then creates a report, based on methodologies, that details the risk within that scope.
After the report is received by upper management, they decide what the next steps are and which risks are actionable and which ones are not.
Okay, let's talk about the risk assessment process.
The first step is management requesting the risk assessment. They hire the risk assessment team, which determines the risk.
After that, a report is generated. Management receives that risk report
and then approves, reassigns or rejects those recommendations.
Based on the responses, the staff executes those risk management recommendations,
and the process starts over once a new risk assessment needs to be made.
Next, let's talk about the risk assessment methodologies used by the risk assessment team.
Qualitative risk analysis uses scenario-based surveys and questionnaires given to employees across the scope of the risk assessment,
while quantitative risk analysis uses calculations
and leverages the data that the risk assessment team has on the industry, as well as statistics.
A combination of these two methodologies provides a better view of the risk levels of the organization
within that scope.
With this in mind, let's talk about qualitative risk assessment.
This is a scenario-based assessment that utilizes surveys and questionnaires that are sent out to the organization in scope of the risk assessment.
The results are collected and tabulated against a scale to evaluate risks, costs and effects.
Now, let's talk about quantitative risk assessment. This is calculation-based and uses probability percentages to calculate the risk.
It also uses dollar figures to determine the levels of risk: the potential loss, the cost of countermeasures and the value of safeguards.
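As an added illustration of both methodologies (this is example code, not part of the lesson): the quantitative part turns probability percentages and dollar figures into an expected yearly loss and a net value for each candidate safeguard, using the standard single-loss-expectancy and annualized-rate-of-occurrence formulas, which the lesson does not spell out; the qualitative part tabulates constructed questionnaire answers against a simple low/medium/high scale. All asset values, rates, safeguard options and survey responses are constructed sample data.

```python
from statistics import median

# --- Quantitative: probability percentages and dollar figures ---------------

def single_loss_expectancy(asset_value, exposure_factor):
    """Dollar loss from one occurrence: asset value times the fraction lost."""
    return asset_value * exposure_factor

def annualized_loss_expectancy(sle, annual_rate_of_occurrence):
    """Expected yearly loss: loss per event times expected events per year."""
    return sle * annual_rate_of_occurrence

def safeguard_value(ale_before, ale_after, annual_cost):
    """Net yearly value of a countermeasure; negative means it costs more than it saves."""
    return ale_before - ale_after - annual_cost

def rank_safeguards(asset_value, exposure_factor, aro, options):
    """Rank candidate safeguards by net value.
    Each option is (name, new_aro, new_exposure_factor, annual_cost)."""
    ale_before = annualized_loss_expectancy(
        single_loss_expectancy(asset_value, exposure_factor), aro)
    ranked = []
    for name, new_aro, new_ef, cost in options:
        ale_after = annualized_loss_expectancy(
            single_loss_expectancy(asset_value, new_ef), new_aro)
        ranked.append((name, round(safeguard_value(ale_before, ale_after, cost), 2)))
    return sorted(ranked, key=lambda r: r[1], reverse=True)

# Constructed sample: a $500k asset, 40% lost per incident, one incident every two years.
SAMPLE_OPTIONS = [
    ("offsite backups", 0.5, 0.1, 15_000),     # same frequency, far less lost per event
    ("network redundancy", 0.1, 0.4, 30_000),  # same loss per event, far less frequent
    ("annual pentest", 0.4, 0.4, 25_000),      # small frequency reduction, high cost
]

# --- Qualitative: questionnaire answers tabulated against a scale -----------

SCALE = [(5, "low"), (12, "medium"), (25, "high")]  # upper bound of likelihood x impact

def qualitative_rating(responses):
    """Median likelihood (1-5) times median impact (1-5), mapped onto SCALE."""
    likelihood = median(r[0] for r in responses)
    impact = median(r[1] for r in responses)
    score = likelihood * impact
    for upper, label in SCALE:
        if score <= upper:
            return label, score
    return "high", score

# Constructed sample: five employees' (likelihood, impact) answers for one scenario.
SAMPLE_RESPONSES = [(4, 5), (3, 4), (4, 4), (2, 5), (5, 3)]
```

Running `rank_safeguards(500_000, 0.4, 0.5, SAMPLE_OPTIONS)` shows why the dollar view matters: the pentest option reduces risk but has a negative net value at that cost, which the questionnaire scale alone would not reveal.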
Let's do a quick quiz.
Which of the following is not a reason why a third party should conduct a risk assessment?
A. Because of the size of the organization.
B. Because of the scope of research and assessment.
C. Because of the employer's lack of faith in employees.
D. Because of the liability of the risk.
E. Because you want to produce a more reliable measurement of real-world risk.
The answer is C.
It is not that the employer lacks faith in employees; you pick a third party because you want to ensure a more accurate and reliable report and measurement of the risk.
Which of the following is not a reason why scope is important to risk assessment?
A. To cover the size of the organization.
B. To ensure the assessment does not go out of budget.
C. To produce a more reliable measurement of risk.
D. To limit the liability of the risk assessment.
The answer is B:
to ensure the assessment does not go out of budget.
Which of the following is a reason why scope is important to risk assessment?
A. To cover the size of the organization.
B. To produce a more reliable measurement of real-world risk. C. To limit the liability of the risk assessment. D. All of the above.
The answer is D, all of the above. The scope defines what is covered in the risk assessment, to ensure that the result is accurate, reliable and actionable for the organization.
Which of the following is not a risk assessment methodology?
A. Quantitative risk assessment.
B. Qualitative risk assessment. C. A combination of the first two.
D. Directly questioning and interviewing employees.
The answer is D.
The risk assessment process should be formal, able to be tabulated and calculated, as well as actionable; directly questioning and interviewing employees can lead to unreliable data and cannot be easily quantified into an actionable assessment.
To summarize this episode:
we talked about the risk assessment team, its function and purpose, and why we hire a third party.
We also talked about the risk assessment process and how it goes from management to the risk assessment team, back to management,
and into the
We also talked about the different types of risk assessment methodologies.
Thank you for completing this lesson. This is your instructor, Robert Downey.