Did you know Cybrary has FREE video training? Join more than 2,500,000 IT and cyber security professionals, students, career changers, and more, growing their careers on Cybrary.
This lesson is a review of the risk management process that will cover the main concepts that were taught in this module. Risk assessment is usually the most difficult assessment to conduct. Even though there are many unknowns it is necessary to make an effort to collect the right data. Risk assessment can be done qualitatively or quantitatively. Each method of risk assessment comes with its own strengths and objectives. Used together qualitative and quantitative risk assessment will result in the most effective information security management policy. Risk mitigation is the process of reducing risk to acceptable levels and maintaining that risk level. You must remember that risk must be managed because it can never be totally eliminated from your data environment. A quantitative analysis leads to the proper risk mitigation strategy:
Cost/benefit analysis will help you decide the correct mitigation strategy. Risk transference shares the risk someone else; the use of SLAs or insurance would be an example of risk transference. When we accept a risk in our environment as a result of cost-benefit analysis; we are using the logical solution when the cost of mitigation is higher than the potential for loss.