Video Description

In this lesson, instructor Kelly Handerhan will detail the specifics of effective risk management as a whole. You will find out what risk management is and what elements make up risk management. Risk management consists of four main components:

  • Risk assessment: identifying assets, threats, and vulnerabilities
  • Risk analysis: the value of potential risks
  • Risk mitigation: the response to risk
  • Risk monitoring: risk is forever!

You will become familiarized with important risk assessment methodologies such as: - OCTAVE: an approach where analysts identify assets and their criticality, identify vulnerabilities and threats and base the protection strategy to reduce risk.

  • FRAP: Facilitated Risk Analysis Process. Qualitative analysis is used to determine whether or not to proceed with a quantitative analysis.
  • NIST-800-30: is the risk management guide for information technology systems

Learn about the NIST 800-30 9 step process: - System characterization

  • Threat identification
  • Vulnerability identification
  • Control analysis
  • Likelihood determination
  • Impact analysis
  • Risk determination
  • Control recommendations
  • Results documentation

Discover the benefits of using the NIST 800-30 9 step risk assessment activities process to establish an effective and thorough risk assessment protocol. The NIST 800-30 process will go far to improve your data security while ensuring that limited resources are dedicated where they can do the most good.

Course Modules