What is Risk Management?

Time
1 hour 39 minutes
Difficulty
Intermediate
CEU/CPE
1
Video Transcription
00:00
does this risk management and information technology
00:03
In this lesson, we will be discussing risk management
00:06
terms used and an overview of the results of risk management.
00:10
So what's risk management?
00:13
It's a way of sustaining a secure environment.
00:16
It's another process of identifying factors that can cause damage to your assets or your
00:22
uh
00:23
processes.
00:25
You evaluate factors for asset value and determine countermeasures.
00:30
And you have to implement a cost saving solution for reducing the risk in your environment
00:35
Since risk management is a process, what are the goals of this process?
00:40
First, we want to reduce the risk to an acceptable level,
00:43
overall risk or
00:45
smaller risks.
00:46
And these risk levels are determined by the value of the asset,
00:51
decides the risk appetite of the organization. Some organization
00:57
thinks that it's less risky versus not. Organization can think differently.
01:02
And of course the budget of your operation,
01:06
just remember the risk level
01:07
that the organization is comfortable with is different from organization to organization.
01:15
Okay, now that we defined what the goals are for risk management,
01:19
let's talk about risk analysis
01:22
steps in here is to identify the assets and value each asset.
01:26
After you identify the assets, you want to identify the vulnerabilities around that asset.
01:33
Now, once you know what the vulnerabilities are, you have to, you have to figure out the exploits and the threats around those vulnerabilities.
01:42
And once you know these things, these lists of
01:46
threats and exploits, you determine safeguards and countermeasures
01:49
and then assign how much it will cost for those things while you're determining these safeguards.
01:56
Once you have that information, you determine whether these risks are acceptable or not
02:00
because
02:02
maybe it's a $100, uh, asset,
02:07
but the protection is $1,000. That doesn't make any sense. You want to make sure that the risks
02:14
are in line with the value
02:16
as well as the countermeasures for that.
02:20
So this is just a quick overview. We'll go through each and every step in subsequent modules.
02:29
Next, let's talk about risk appetite. Risk appetite is the level of risk management organization deems acceptable.
02:37
So this is different from organization to organization, which is based on values, ethics and culture.
02:43
For example, it's a way a company does not want to take risk because it will result in significant loss of revenue,
02:51
or an organization with higher levels of risk appetite could take more risks so as to increase its revenue.
03:00
So after the first analysis,
03:05
uh you give that information to management
03:07
and uh
03:08
decision makers and it has a result for us to move forward with the information.
03:17
one is to mitigate the risk,
03:21
you know, just to avoid the risk.
03:23
Um
03:24
There's also an assignment to risk or transfer. It's like insurance. If there's a quick way of explaining what it does or you accept the risk
03:35
or reject that, it's a risk. That's uh, one of the few things management can
03:39
uh,
03:40
decide on based on the results of the
03:45
analysis.
03:46
Next, let's have an overview
03:49
of the risk management results.
03:53
First, let's talk about risk mitigation. It's the most common way of handling risk by an organization.
03:58
It's basically the implementation of safeguards and countermeasures.
04:01
For example, organization can purchase
04:03
a firewall or other network devices to protect itself and its servers if they are online.
04:10
Okay, next let's talk about risk transference or risk assignment.
04:13
This is another way an organization can transfer risk instead of taking the risk on its own. Next, let's talk about risk acceptance. In this scenario, the management accepts the risk and the consequence of any loss.
04:25
Next is risk avoidance. It's a form of risk mitigation that's practical, but business process restricting, as you remove sources of risk within the organization.
04:34
Risk rejection is a valid, responsible management terrorist assessment, thinking that the risk is invalid
04:41
and hope that it never occurs.
04:45
Okay, let's take a quick quiz.
04:47
Which of the following is not part of risk management?
04:49
A.
04:50
Element of sustaining a secure environment. B.
04:55
Process of identifying factors that can cause damage.
04:58
C. Evaluate factors for asset value and countermeasures.
05:01
D. Determine ROI for a particular business unit,
05:05
or E. Implement cost saving solutions for reducing risk.
05:13
And the answer is D, determine ROI for a particular business unit.
05:17
Well, you need an ROI for the solution,
05:21
ROI for business unit is not covered under risk management.
05:26
two
05:28
Which of the following is a goal of risk management?
05:30
A. Element of sustaining a secure environment.
05:34
B. Reduce risk to an acceptable level.
05:38
C. Evaluate factors for asset value and countermeasures.
05:42
D. Process of identifying factors that can cause damage.
05:46
E. Implement cost saving solutions for reducing risk.
05:54
And the answer is B, reduce risk to an acceptable level.
05:58
A, C, D and E.
06:00
It's part of the process to reduce the risk to an acceptable level.
06:03
So the correct answer is B.
06:08
Which of the following does not determine risk level?
06:11
A.
06:13
Number of vulnerabilities of an asset.
06:15
B. The size of the organization.
06:18
C. The risk appetite of the organization.
06:21
D. The asset's value,
06:24
or E.
06:26
The budget of the organization.
06:32
And the answer is A, the number of vulnerabilities of an asset.
06:39
Okay, one more
06:41
Which of the following is a part of risk analysis?
06:45
A.
06:46
Assets and value.
06:47
B.
06:48
Identify vulnerabilities.
06:50
C.
06:51
Identify exploits and threats.
06:55
D. Determine safeguards or countermeasures.
06:59
E. Determine which risks are acceptable or not. Or F,
07:02
all of the above.
07:05
Yes, it is F, all of the above.
07:11
In summary.
07:13
We talked about the process of risk management,
07:15
such as identifying a list of threats,
07:18
evaluating each threat and risk
07:21
as each vulnerability,
07:24
identify which risk is acceptable or not,
07:27
determined evaluation of all assets and determine the safeguards and countermeasures.
07:31
We also talked about the goals of risk management, which is to reduce the risk
07:36
to an acceptable level,
07:40
and that level is defined by the organization's valuation of assets and risk appetite, as well as budget.
07:46
We also talked about the different
07:49
types of risk management results and how management accepts these risks.
07:56
This is an instructor Robert, Ghana.
08:01
Mhm.