1 hour 39 minutes
does this risk management and information technology
In this lesson, we will be discussing risk management,
terms used and an overview of the results of risk management.
So what's risk management?
It's a way of sustaining a secure environment.
It's another process of identifying factors that can cause damage to your assets or your
You evaluate factors for asset value and determine countermeasures.
And you have to implement a cost saving solution for reducing the risk in your environment.
Since risk management is a process, what are the goals of this process?
First, we want to reduce the risk to an acceptable level,
overall risk or
And these risk levels are determined by the value of the asset,
the size, the risk appetite of the organization. Some organizations
think that it's less risky versus not. Organizations can think differently.
And of course the budget of your operation.
Just remember the risk level
that the organization is comfortable with is different from organization to organization.
Okay, now that we have defined what the goals are for risk management,
let's talk about risk analysis.
The steps in here are to identify the assets and value each asset.
After you identify the assets, you want to identify the vulnerabilities around that asset.
Now, once you know what the vulnerabilities are, you have to, you have to figure out the exploits and the threats around those vulnerabilities.
And once you know these things, these lists of
threats and exploits, you determine safeguards and countermeasures
and then assign how much it will cost for those things while you're determining these safeguards.
Once you have that information, you determine whether these risks are acceptable or not.
Maybe it's a $100 asset,
but the protection is $1,000. That doesn't make any sense. You want to make sure that the risks
are in line with the value
as well as the countermeasures for that.
So this is just a quick overview. We'll go through each and every step in subsequent modules.
Next, let's talk about risk appetite. Risk appetite is the level of risk an organization deems acceptable.
So this is different from organization to organization, which is based on values, ethics and culture.
For example, it's a way a company does not want to take risk because it will result in significant loss of revenue
or an organization with higher levels of risk appetite could take more risks, so as to increase its revenue.
So after the first analysis,
uh you give that information to management
decision makers and it has a result for us to move forward with the information.
One is to mitigate the risk,
you know, just to avoid the risk.
There's also an assignment of risk, or transfer. It's like insurance, if there's a quick way of explaining what it does. Or you accept the risk
or reject that it's a risk. That's, uh, one of the few things management can
decide on based on the results of the
Next, let's have an overview
of the risk management results.
First, let's talk about risk mitigation. It's the most common way of handling risk by an organization.
It's basically the implementation of safeguards and countermeasures.
For example, an organization can purchase
a firewall or other network devices to protect itself and its servers if they are online.
Okay, next let's talk about risk transference, or risk assignment.
This is another way an organization can transfer risk instead of taking the risk on its own.
Next, let's talk about risk acceptance. In this scenario, the management accepts the risk and the consequence of any loss.
Next is risk avoidance. It's a form of risk mitigation. That's practical. But business process restricting as you remove sources of risk within the organization.
Risk rejection is a valid response of management to a risk assessment, thinking that the risk is invalid
and hoping that it never occurs.
Okay, let's take a quick quiz.
Which of the following is not part of risk management?
A. Element of sustaining a secure environment.
B. Process of identifying factors that can cause damage.
C. Evaluate factors for asset value and countermeasures.
D. Determine ROI for a particular business unit.
Or E. Implement cost saving solutions for reducing risk.
And the answer is D, determine ROI for a particular business unit.
Well, you need an ROI for the solution;
ROI for a business unit is not covered under risk management.
Which of the following is a goal of risk management?
A. Element of sustaining a secure environment.
B. Reduce risk to an acceptable level.
C. Evaluate factors for asset value and countermeasures.
D. Process of identifying factors that can cause damage.
E. Implement cost saving solutions for reducing risk.
And the answer is B, reduce risk to an acceptable level.
A, C, D and E
are part of the process to reduce the risk to an acceptable level.
So the correct answer is B.
Which of the following does not determine risk level?
A. Number of vulnerabilities of an asset.
B. The size of the organization.
C. The risk appetite of the organization.
D. The asset's value.
E. The budget of the organization.
And the answer is A, the number of vulnerabilities of an asset.
Okay, one more.
Which of the following is a part of risk analysis?
assets and value.
identify exploits and threats,
D. Determine safeguards or countermeasures.
E. Determine which risks are acceptable or not.
Or F. All of the above.
Yes, it is F, all of the above.
We talked about the process of risk management,
such as identifying a list of threats,
evaluating each threat and risk,
assessing each vulnerability,
identifying which risk is acceptable or not,
determining the valuation of all assets and determining the safeguards and countermeasures.
We also talked about the goals of risk management, which is to reduce the risk
to an acceptable level,
and that level is defined by the organization's valuation of assets and risk appetite, as well as budget.
We also talked about the different
types of risk management results and how management accepts these risks.
This is instructor Robert Ghana.