Join the 40,000+ candidates in over 58 countries that have found a faster, better way to pass their certification exam.
Comprehensive practice exam engine!
All features in the FREE plan, plus:
Welcome to our Risk Management Concepts Risk Frameworks Module. It is important to select an appropriate risk management framework for your organization. Risk management is a complex activity, and risk management frameworks can assist you in the process of designing and implementing, monitoring, and reviewing your risk management in your organization.
These frameworks can help you to determine your risks and align them with your business strategies, make appropriate decisions based on risks to reduce your operational surprises and losses. And can also help with identifying and managing several different risks and sometimes cross enterprise risks. Here, we have a generic risk management process.
Risk management planning is our first step in the process. This is important to remember for the CISSP examination because just like many other processes, you have to plan for the process before you begin the process. Once our planning is complete we will then identify our risks, then analyze and prioritize the risks using both qualitative and quantitive risk analysis.
Once the analysis is complete, we can then plan on how we will respond to the risks. Once planning is complete, we will then execute by placing our controls to reduce our risk. We will then evaluate the effectiveness of the controls and identify any areas for improvement and then begin the process again.
A proper risk management process involves continuous improvement, where we are constantly learning how to improve our risk management. And this is a best practice for any organization. We can also see that communicate is in the middle of our process. It is important that all individuals involved communicate throughout all of the steps of this process.
Here, we provide just some risk assessment and management models that you can use in your organization. The Nest Special Publication 800-30 Revision One is the United States government's guide to conducting risk assessments. They also provide a guide for applying the risk management framework to federal information systems and a guide for managing information security risk.
OCTAVE or the Operationally Critical Threat, Asset, and Vulnerability Evaluation is the suite of tools and techniques that you can use for risk-based information security strategic assessment and planning. The cram risk analysis and management method was developed for the United Kingdom's central computer and telecommunications agency or CCTA. The SOMAP, Security Officers' Management and Analysis Project, is another framework that can be used.
And finally, the VAR, or Value at Risk quantile measurement, which is a method used to measure and quantify the level of financial risk. Here we have a generic risk model with key risk factors. We start by evaluating our threat source and looking at the capabilities and the intent of our adversarial threats. The threat source will create a threat event, some sequence of actions, or activities. This will typically take advantage of some vulnerability in our systems or in our facilities, based on any conditions we are predisposed to, and most likely, violating our security controls that we have in place. Causing an adverse impact on our organization, producing an organizational risk to our operations, such as our mission, our image or our reputation, our assets, our employees, or even other organizations that we interact with or the nation as a whole.
When we're moving through this model, we will take inputs from our risk framing step, which was our risk management strategy or approach, where we identified any key risk factors. We can use this model to determine how those risk factors may affect us if a threat source decides to take advantage of one of these risk factors.
This concludes our risk management concepts module. Thank you for watching.
Classified by skill and ranked by difficulty. Choose to answer questions in STUDY MODE to review and you go.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.
Don’t forget what you’ve just studied! Use the intelligent reinforcement questions to stay fresh.
THANK YOU! Just bloody thank you! I’m doing the CEH minor at my college and well...I’ve learned more from this site in a few hours than I’ve learned from my school in 9 weeks about the subject. Keep up the good work!
Skillset’s Exam Engine continuously assesses your knowledge and determines when you are ready take and pass your exam. When Skillset learns that there is a gap between your knowledge and what you need to know to pass, we present you with a focused training module that gets you up to speed quickly. No fluff! Find your knowledge gaps and fill them.
Skillset is confident that we can help anyone pass their exam. If you reach 100% readiness, and you do not pass your exam, we will refund you plus pay for a replacement exam voucher. That’s how powerful our learning system is, we can offer this guarantee and stand behind our products with this no risk to you guarantee. See terms and conditions.
Don’t waste time studying concepts you have already mastered. Focus on what you need to know to pass. The Skillset Competency Diagnostic aligns our Exam Engine and Learning Plan to your baseline knowledge. This saves an average of 31% of the time required to prep for a professional certification exam.
More PRO benefits are being built all the time!