What is Risk Management?

Video Activity

Join over 3 million cybersecurity professionals advancing their career

Required fields are marked with an *

View all SSO options

Already have an account? Sign In »

Risk Management and Information Systems Control

Course

Time

1 hour 39 minutes

Difficulty

Intermediate

CEU/CPE

Video Transcription

00:00

does this risk management and information technology

00:03

in this lesson? We will be discussing risk management

00:06

terms used and an overview of the results of risk management.

00:10

So what's the risk management?

00:13

It's a way of sustaining secure environment.

00:16

It's another process of identifying factors that can cause damage to your assets or your

00:22

00:23

processes.

00:25

You evaluate factors for asset value and determine countermeasures.

00:30

And you have to implement a cost saving solution for reducing the risk in your environment

00:35

since risk management is a process. So what are the goals of this process

00:40

1st? We want to reduce the risk to an acceptable level,

00:43

overall risk or

00:45

smaller risks.

00:46

And these risk levels are determined by the value of the asset,

00:51

decides the risk appetite of the organization. Some organization

00:57

thinks that it's less risky versus not. Organization can think differently.

01:02

And of course the budget of your operation,

01:06

just remember the risk level

01:07

that the organization is comfortable with this different from organization to organization.

01:15

Okay, now that we define what the goals are for risk management,

01:19

let's talk about risk analysis

01:22

steps in here is to identify the assets and value each asset.

01:26

After you identify the assets, you want to identify the vulnerabilities around that asset.

01:33

Now, once you know what the vulnerabilities are, you have to, you have to figure out the exploits and the threats around those vulnerabilities.

01:42

And once you know these things, these lists of

01:46

threats and exploit, you determine safeguards and countermeasures

01:49

and then assign how much it will cost for those things while you're determining these safeguards.

01:56

Once you have that information, you determine whether these risks are acceptable or not

02:00

because

02:02

Maybe it's $100 uh asset

02:07

But the protection is $1,000. That doesn't make any sense. You want to make sure that the risks

02:14

are in line with the value

02:16

as well as the counter missions for that.

02:20

So this is just a quick overview. We'll go through each and every step in subsequent modules.

02:29

Next let's talk about risk appetite, risk appetite is the, is the level of risk management organization deems acceptable.

02:37

So this is different from organization organization, which is based on values, ethics and culture.

02:43

For example, it's a way a company does not want to take risk because it will result in significant loss of revenue

02:51

or organization with higher levels of risk, appetite could take more risks. So to increase its revenue.

03:00

So after the first analysis,

03:05

uh you give that information to management

03:07

and uh

03:08

decision makers and it has a result for us to move forward with the information.

03:17

one is to mitigate the risk,

03:21

you know, just to avoid the risk.

03:23

03:24

There's also an assignment to risk or transfer. It's like insurance. If there's a quick way of explaining what it does or you accept the risk

03:35

or reject that, it's a risk. That's uh, one of the few things management can

03:39

uh,

03:40

decide on based on the results of the

03:45

analysis.

03:46

Next, let's have an overview

03:49

of the risk management results.

03:53

First, let's talk about risk mitigation. It's the most common way of handling risk by an organization.

03:58

It's basically the implementation of safeguards and countermeasures.

04:01

For example, organization can purchase

04:03

a firewall or other network devices to protect itself and its servers if they are online.

04:10

Okay, next let's talk about risk transference of risk assignment.

04:13

This is another way in an organization can transfer risk instead of taking the risk on its own. Next let's talk about risk acceptance in this scenario. The management to accept the risk and the consequence of any loss.

04:25

Next is the risk of violence. It's a former risk mitigation. That's practical. But business process restricting as you remove sources of risk within the organization.

04:34

Risk rejection is a valid, responsible management terrorist assessment, thinking that the risk is invalid

04:41

and hope that it never occurs.

04:45

Okay, let's take a quick quiz.

04:47

Which of the following is not part of risk management

04:49

today.

04:50

Element of sustaining a secure environment. Be

04:55

process of identifying factors that can cause damage.

04:58

See evaluate factors for asset value and countermeasures.

05:01

D determine ri for a particular business unit

05:05

or e implement cost saving solutions for reducing risk

05:13

and the answer is the determined Ri for a particular business unit.

05:17

Well, you need an arrow I for the solution,

05:21

arrive for business unit is not covered under risk management

05:26

two

05:28

which of the following is a goal of risk management.

05:30

Set a limit of sustaining secure, secure environment.

05:34

Be reduced risk to an acceptable level.

05:38

See evaluate factors for acid value and countermeasures.

05:42

The process of identifying factors that can cause damage.

05:46

E implement cost saving solutions for reducing risk

05:54

and the answer is b reduced risk to an acceptable level

05:58

A C D and E.

06:00

It's part of the process to reduce the risk to an acceptable acceptable level.

06:03

So the correct answer is B.

06:08

Which of the following does not determine risk level.

06:11

Set a

06:13

number of vulnerabilities of an asset?

06:15

Be the size of the organization?

06:18

See the risk appetite of the organization,

06:21

the assets value

06:24

for e

06:26

the budget of the organization.

06:32

And the answer is a The number of vulnerabilities of an asset.

06:39

Okay, one more

06:41

which of the following is a part of risk analysis,

06:45

06:46

assets and value.

06:47

06:48

Identify vulnerabilities.

06:50

See

06:51

identify exploits and threats,

06:55

the determined safeguards or countermeasures.

06:59

He determine which risks are acceptable or not. or f

07:02

all of the above.

07:05

Yes, it is F all of the over.

07:11

In summary.

07:13

You talked about the process of risk management,

07:15

such as identifying a list of threats,

07:18

evaluating each threat and risk

07:21

as each vulnerability,

07:24

identify which risk is acceptable or not,

07:27

determined evaluation of all assets and determine the safeguards and countermeasures.

07:31

He also talked about the goals of risk management, which is to reduce the risk

07:36

to an acceptable level,

07:40

and that level is defined by the organization's valuation of assets and risk appetite, as well as budget.

07:46

He also talked about the different

07:49

types of risk management results and how management accepts these risks.

07:56

This is an instructor robert, Ghana.

08:01

Mhm.

Up Next

Risk Assessment Process

Qualitative Risk Assessment

Quantitative Risk Assessment

Instructed By