Risk Management Lifecycle
Video Transcription
00:00
>> When it comes to addressing risks in our information security contexts, it helps if we examine the risk management lifecycle. There are essentially four phases of the life cycle. When we look at it, we start with identifying our risks. You can't respond to a risk if you haven't identified it. Actually, this first piece is the most important. We look at our assets, their threats, and vulnerabilities, and that tells us what risks exist.

Now we have a list of risks. The next thing that we need to do is conduct a risk assessment. With a risk assessment, what we're trying to do is determine a value for the risk, the loss potential. There we look at probability times impact. There's an 80 percent chance I'm going to lose $10,000, so that's an $8,000 risk.

Next, we're going to move into risk mitigation. Based on the potential for loss, I need a way to mitigate that risk to a degree that's acceptable to senior management. This is where we implement our controls perhaps, or we may avoid the risk altogether, or we may transfer it through insurance. But ultimately, risk mitigation is how we respond, and how we respond to our risk is driven by the risk assessment, what we learned in risk assessment.

Once we implement our mitigation strategy, or our risk response or our controls, then we continue to monitor risks so that we make sure that risks are being addressed properly, that our controls are meeting their objectives, and that our risk posture stays within an acceptable range.

What we've talked about in this section, just looking at the remainder of the risks section, is how we identify risks, how we assess them, mitigate them, and how we continue to monitor through evaluating our controls.