Lesson 2
Risk Management
Finding, understanding, and reducing security risks.
Domain
Security Concepts and Practices
Concepts
16 concepts
Concept 1
Risk Management
Risk Management
Finding, understanding, and reducing security risks.
Concept 2
Risk Management
Risk Assessment
Identifying possible threats and understanding their impact.
Concept 3
Risk Analysis
Risk Analysis
Studying risks to determine seriousness and likelihood.
Concept 4
Risk Treatment
Risk Treatment
Deciding what to do about a risk.
Concept 5
Risk Treatment
Risk Acceptance
Knowingly living with a risk.
Concept 6
Risk Treatment
Risk Avoidance
Removing the activity that creates the risk.
Concept 7
Risk Treatment
Risk Transfer
Shifting financial impact to another party.
Concept 8
Risk Treatment
Risk Mitigation
Reducing the likelihood or impact of a risk.
Concept 9
Risk Analysis
Residual Risk
Risk remaining after security controls are applied.
Concept 10
Risk Analysis
Inherent Risk
Natural risk before any security controls are applied.
Concept 11
Risk Analysis
Inherent Risk vs Residual Risk
Comparing original risk with remaining risk.
Concept 12
Threat Modeling
Threat Modeling
Identifying possible threats before attacks happen.
Concept 13
Risk Analysis
Asset Valuation
Determining how valuable an asset is to the organization.
Concept 14
Risk Analysis
Qualitative Risk Analysis
Using opinions, experience, and descriptive ratings.
Concept 15
Risk Analysis
Quantitative Risk Analysis
Using numbers and financial values to measure risk.
Concept 16
Risk Formula
ALE / SLE / ARO Calculations
Using SSCP risk formulas for expected loss.