1 hour 39 minutes
This is risk management and information technology.
In this lesson, we will be talking about risk
will be defining risk as a business term.
We'll talk about different risk scenarios then we will define risk in terms of cybersecurity.
So what is risk
Merriam Webster defines risk as a possibility of loss or injury
In business terms, risk is the chance of loss of assets that can be disruptive to the business
assets include hardware or the server your application runs on software
or the people that manage these resources.
Cybersecurity terms, risk refers to potential loss or damage when a threat exploits a vulnerability
to put it in another way
as an equation, risk is equal to the number of threats times the number of vulnerabilities.
Therefore, if you reduce the number of threats or vulnerabilities, this will lower risk.
In tangible terms,
risk is losing the internet,
unable to access the email,
lots of devices
or perhaps the data stores being inaccessible.
So with that let's talk about scenarios. For example, email.
If you lose your email, you lose important data such as contracts, legal agreements or your access to your customers.
Of course the risk here is that you could lose your email server which is hosted by a vendor
for yourself inside your facility.
Or it could be caused by an outage. If it's hosted in the cloud such as office 365,
another scenario is losing the internet. So if you lose your internet connection, that means loss of business, especially if you're a website or rely on internet connectivity for your business.
And that could be caused by loss of connectivity. Let's say your modem
breaks down or your ice B has an outage.
Another scenario software
loss of functioning software could be a potential loss of business. For example, your credit card processing part of your website,
You could stop working and that could be caused by incorrect patching or data corruption.
Some companies rely on hardware,
loss of hardware function could be disrupted to their business functions and that can be caused by hardware failure or power outage. For example,
heavy machinery that
that's used for creating products or a factory.
Another risk of an organization is the loss of key personnel that can cause disruption of a business or process
people leave because there's internal issues at work or a better job offer.
Okay, let's take a quick quiz.
What is risk
a chance of loss of assets
Be the formula risk is equal to three times vulnerability.
See the likelihood that a threat will exploit the vulnerability or D. All of the above.
The answer is D All of the above.
That's right. Another one
which of the following our resources, a security guard at the front desk,
be the credit card processing software?
See internet connectivity for your business
or D. All of the above.
Yes, there is. D all of the above.
Okay. One last
which of the following does not reduce risk. A threat
D. And B.
Yes, it is. See
So let's summarize,
Risk is the potential of losing an asset
that can cause damage
when a threat exploits a vulnerability
and applies to resources or assets.
Examples of these assets are hardware such as tools to create products, software such as email or databases and key personnel.
Thank you for completing this lesson. This is your instructor robert gonna
Certified Information Security Manager (CISM)
A CISM certification shows you have an all-around technical competence and an understanding of the ...
13 CEU/CPE Hours Available
Certificate of Completion Offered
Certified Information Systems Security Professional (CISSP) 2021
CISSP is the basis of advanced information assurance knowledge for information security professionals. Often referred ...
16 CEU/CPE Hours Available
Certificate of Completion Offered