Did you know Cybrary has FREE video training? Join more than 2,500,000 IT and cyber security professionals, students, career changers, and more, growing their careers on Cybrary.
In this lesson, instructor Kelly Handerhan will detail the specifics of effective risk management as a whole. You will find out what risk management is and what elements make up risk management. Risk management consists of four main components:
- Risk assessment: identifying assets, threats, and vulnerabilities
- Risk analysis: the value of potential risks
- Risk mitigation: the response to risk
- Risk monitoring: risk is forever!
You will become familiarized with important risk assessment methodologies such as: - OCTAVE: an approach where analysts identify assets and their criticality, identify vulnerabilities and threats and base the protection strategy to reduce risk.
- FRAP: Facilitated Risk Analysis Process. Qualitative analysis is used to determine whether or not to proceed with a quantitative analysis.
- NIST-800-30: is the risk management guide for information technology systems
Learn about the NIST 800-30 9 step process: - System characterization
- Threat identification
- Vulnerability identification
- Control analysis
- Likelihood determination
- Impact analysis
- Risk determination
- Control recommendations
- Results documentation
Discover the benefits of using the NIST 800-30 9 step risk assessment activities process to establish an effective and thorough risk assessment protocol. The NIST 800-30 process will go far to improve your data security while ensuring that limited resources are dedicated where they can do the most good.