3 hours 24 minutes
Welcome back to County a project plus P. K +0004
Now we're going to risk management risk management submission before we are now going to do a bit of a deeper dive
consists of two parts. So the first part we're gonna be getting introduced into risk the importance of risk management. Howto identify risk and how to quantify risk on ah second part when I look at further details about managing risk and controlling
So what is risk risk? Is any set of circumstances known or unknown, that represent a threat or an opportunity for the project?
Negative risk is what we call a threat. A positive risk is what we call an opportunity.
Look that I said, known or unknown,
we plan for risk.
We expect certain things to turn up.
This is plan or known risk,
but there could be circumstances that go out of our control. Let's take, for example,
a company that has a subsidiary down in a country,
Um, and in the country there, So some social revolt. That's something that you can't plan for, but that definitely effects the company's ability to produce. If the factories were located in those countries.
So, um, risk. We have to as much as possible, be conscious about and consider it.
And it is not always bad that there is risk. The fact that there is risk is one makes it possible
for certain things to be executed in a more efficient way
to avoid or to prevent this from affecting us directly.
So risk identification? What sources,
Where do they come from?
Risk comes from technology. Unless we have mentioned in the past.
Computers technology in general represents a security risk. There's privacy. There's, ah, personal data. There's health data. There's financial data.
There are different ways in which these could be compromised. We have
heard different challenges, different attacks, different hats different, um,
that us that have been collected by hackers and then exposed.
So that's one human resource is we're talking about individuals, individuals or percent risk in the sense that because of retaliation, because off corporate espionage, because off trying to make someone look bad, they could affect
Another risk is a regulatory box. They may introduce challenges that affect how our processes in how our projects would be executed and there could be severe fines and penalties if we violate their
re where requirements.
There's always business risk as well, in the sense that you don't know for how long the entity will operate. If and this has been the case, many a times in where on Endeavour's undertaken in throughout the projects life cycle,
the company ceases to exist
and also in terms of business is one of the challenges. What does this represent for the rest off the business? The project. The project could be sort of a threat in terms off, exposing information that was not intended to be made available
to sit in back
Also, there's competitive risk, and this has to do ah lot. We research and development. Every company wants to have the latest greatest, the most up to date technology, And they presented in a way that they have an edge ahead of the competition and finally environmental
risk in how these effects
Now to analyse risk. There are two different ways qualitative analysis.
Um, and as the name implies, his quality, this is a could be a subjective
topoff explanation of risk.
So called here analysis looks at the impact and the probability
Um a specific factor and then in measures are signs a value. They could be digits like regular, um, decimal digits. Or it could be, uh, other higher values.
And what we would do is that in this matrix, for example,
we will decide if risk a what probably Lee it has in what,
uh, impact he may have.
And then we assigned a value. Why is this important? Because we also have the other one. Quantitative analysis. The quantitative analysis will help us, um,
assign a dollar value to risk and is based on the probability and impact
and how much this will translate into the Your Ole Project. The overall operations in life cycle of the project
Now. Quantitative analysis in quantitative analysis. Qualitative and quantitative. They intersect, and they support each other out.
Now let's look at an example. It Let's look at some of the indicators that we see in quantitative analysis.
First, we have acid value, which is basically what we are producing a sport, a factor which is an indicator in percentages that tells those, um,
how much of a risk the acid is
single. Loss expectancy is essentially the asset value multiplied by the exposure factor, and it explains what why a one time loss of that asset represents in money.
The I realized rate of occurrence is how many times a year this could be happening.
That loss of expectancy again takes the single loss expectancy and distributes that through our year's lifetime.
the annual cost of a safeguard, whatever I used to counter my race, whatever I used to control my risk. And the cost benefit analysis is before risk after risk.
I mean, before, um, safeguard after safeguard and then the cost of a safeguard.
This is basically to evaluate if it's worth it, so that's a quick example. Let's imagine that we decided to buy the latest iPhone. The cost of the acid is $1000.
The exposure factor is 50%. Is a probability off. We dropping the iPhone
in the screen, cracking, for example.
So what is the single lost expectancy? If this $1000 a single loss expectancy will be off 500
now throughout a year, this could happen four times or a 25% chance Auf dem being damaged.
So because of this, it'll be the 500
25% is gonna be 125 throughout each month of the year,
so the rate of occurrence is 5%. Let's assume that, and we're going to calculate that in terms off, um,
how often you will happen,
what will be the safeguards? Safeguards could be a case. How much does it cost?
So I will
so tracked my loss expectancy
prior to the control my life expectancy after the control and then the cost of my control.
Based on that, I will arrive to a value that if it's positive, that means my control is covering more than expecting the
the asset value.
So when this would finish the first part off risk management, we have learned the importance of risk management. How do we identify and how to quantify risk? In a few, you will join me for the next part in where we look at how we control risk, thank you so much
and looking forward to our next conversation
CompTIA Project+ PK0-004 Practice Assessment
The Project+ exam preparation helps students prepare for the CompTIA Project+ certification exam. CompTIA ...
CompTIA A+ 220-1001
Ready to start your career in IT and cybersecurity? Earn your CompTIA A+ certification on ...
12 CEU/CPE Hours Available
Certificate of Completion Offered