Risk Monitoring and Reporting
Video Transcription
This is the final stage of the risk management lifecycle. This is the piece where we monitor and report on our mitigation strategies. Ultimately, the question we're asking in this phase is: are the controls working? What are the indications we can use to tell us the controls are meeting their objectives?

We start with our risk register, and remember, in risk identification we listed what our risks are. We moved into risk assessment and determined a value for the risk, then risk response, where we determined what controls provide appropriate mitigation. Now we've implemented those controls: are they working?

We also have to consider how often we evaluate our controls for effectiveness. For instance, just because a risk response is adequate for today doesn't mean it'll be adequate for tomorrow. We determine how often we need to go back and evaluate our current mitigation strategy. As a general tip, we want to go back and re-evaluate our security controls at least once per year, or as the threat landscape changes.

Because again, one of the biggest problems I see out and about in the field is this idea of "if it ain't broke, don't fix it." I've configured my component, I've implemented security, I haven't had a breach, so everything must be good. Well, what that's really saying is: let's wait until we have a breach to think about strengthening our environment.

If instead, once per year, we go back and again start with our assets, look at threats and vulnerabilities, look at the potential for loss, and then make a good, cost-effective countermeasure, we have to ask ourselves: are we still providing the degree of protection that's acceptable based on senior management's tolerance? When we go through and we monitor, again, are the controls still meeting their objectives? Their objectives ultimately are to mitigate risk to a degree that's acceptable to senior management. That's what this last phase is all about.