Pass your certification exam. Faster. Guaranteed.

Join the 40,000+ candidates in over 58 countries that have found a faster, better way to pass their certification exam.

BASIC

Comprehensive practice exam engine!

  • Unlimited access to thousands of practice questions
  • Exam readiness score
  • Smart reinforcement

PRO

All features in the FREE plan, plus:

  • Focused training ensures 100% exam readiness
  • Personalized learning plan
  • Align exam engine to your current baseline knowledge
  • Eliminate wasted study time
  • Exam pass guarantee
  • And much more

Risk Definitions Transcription

Welcome to our risk management concepts, risk definition module. Risk is the probability that a threat source will exercise a particular vulnerability, and the resulting impact of that adverse advent on your organization. The likelihood of the threat to occur is considered over a given period of time. And the impact is the magnitude of the effects that would arise if that event actually occurred.

A vulnerability is a flaw or weakness in one of our assets, such as our computer systems, and an asset is anything that we consider valuable to our organization. Everything from our facility to our employees, to our computer systems, anything that we consider valuable. And a threat is a potential danger.

This could be either an accidental trigger, or an intentional exploitation by an attacker to one of your assets. If a threat agent decides to take advantage of a certain vulnerability in that asset. You should be familiar with these definitions for the CISSP exam. You should know that a vulnerability is a flaw, or weakness in one of your assets.

That a threat is when a threat agent takes advantage of one of those vulnerabilities. And the risk is the function of your likelihood of that threat source to take advantage of that vulnerability, creating an undesirable impact on your organization. You may see questions where you are required to select a vulnerability, or select a threat agent, and then be given four choices and have to select the correct answer.

A vulnerability also known as a threat exposure is an opportunity for a threat to occur causing a loss to your organization. A loss is so type of devaluation in one of your assets, and an event or an exploit is the instance of loss that you experience. A threat agent or a threat source is anything or anyone that has the potential to cause a threat to your organization.

We put controls in place to protect us from vulnerabilities, and to protect us from threat agents. Controls are also known as safeguards or counter measures, and they can includes technical, administrative and physical controls that are designed to manage the risk that we have in our organizations. Here are just some examples of threats that can negatively impact our organization's computer security.

A threat to our confidentiality would be a data exposure or the theft of our confidential data. Social engineering is very popular, where we trick an employee into providing information that the attacker should not have. Shoulder surfing where an individual looks over a person shoulder to capture their passwords, or other sensitive data ,as well as impersonation attacks where a person pretends to be an authorized user on your system. We're also having men in the middle attacks where a person places themselves between individuals communicating with each other. In order to capture that data or magnify. We can also have an integrity attacks or someone modifies or data without our permissions. They might be able to modify a message well is being transmitted, change our counting records, or modify our system logs, or even modify our configuration files.

And finally attacks on our availability, attempt to disable a resource or prevent authorized users from accessing it. This could be caused by a manmade disaster or a natural disaster. It could be caused by a terrorist attack, a component failure, or even a denial of service attack, or a distributed denial of service attack.

We must be familiar with the process of managing the risks to our organization. First, we have to identify the risks, then analyze them, and then reduce the risk to a level that we consider to be acceptable. The risk assessment process is where we identify all of our assets, locate any risks that might be associated with those assets, and determine the potential loss that our organization could suffer if an event occurred.

During this process, we must come up with detailed estimates of the likelihood and impact of events, and use that to determine whether we should place a countermeasure in place. The first step in the risk assessment process is to plan for, and prepare for the risk assessment. And you should remember that for the CISSP examination.

During the risk mitigation process we reduce our risks by selecting appropriate cost effective counter measures to reduce our risk. It is very important to remember, for this CISSP examination, that we only put controls in place that are cost-effective. For example, if we only have $1,000 worth of assets in our building, we would not want to spend $1 million on a security system to protect our $1,000 worth of assets, because that would not be cost-effective.

It is also important to know that once we select a control and put it in place. We must continually evaluate to make sure that the process is working correctly, and that the control is doing what it is supposed to do. We do not place a control, and then just simply never worry about it again.

We must make sure that we are monitoring it, and evaluating it continuously. This concludes our risk management concepts module. Thank you for watching.

Included in all plans.

1000's of practice test questions

Classified by skill and ranked by difficulty. Choose to answer questions in STUDY MODE to review and you go.

Exam Readiness Score

Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.

Smart Reinforcement

Don’t forget what you’ve just studied! Use the intelligent reinforcement questions to stay fresh.

THANK YOU! Just bloody thank you! I’m doing the CEH minor at my college and well...I’ve learned more from this site in a few hours than I’ve learned from my school in 9 weeks about the subject. Keep up the good work!

PRO Membership Benefits.

Personalized Learning Plan

Skillset’s Exam Engine continuously assesses your knowledge and determines when you are ready take and pass your exam. When Skillset learns that there is a gap between your knowledge and what you need to know to pass, we present you with a focused training module that gets you up to speed quickly. No fluff! Find your knowledge gaps and fill them.

Exam Pass Guarantee

Skillset is confident that we can help anyone pass their exam. If you reach 100% readiness, and you do not pass your exam, we will refund you plus pay for a replacement exam voucher. That’s how powerful our learning system is, we can offer this guarantee and stand behind our products with this no risk to you guarantee. See terms and conditions.

Eliminate Wasted Study Time

Don’t waste time studying concepts you have already mastered. Focus on what you need to know to pass. The Skillset Competency Diagnostic aligns our Exam Engine and Learning Plan to your baseline knowledge. This saves an average of 31% of the time required to prep for a professional certification exam.

Coming Soon - Simulated Exam

More PRO benefits are being built all the time!

Membership Options and Pricing.



BASIC Not ready for serious certification attempt and just want to sample it?

FREE

  • Unlimited access to thousands of practice questions
  • Exam readiness score
  • Smart reinforcement

1 Month PRO Only joining us for the final push?
This is for you!

99/month

  • Thousands of practice test questions
  • Fully-featured exam engine
  • Continuous knowledge measurement and feedback
  • Reinforcement questions
  • Detailed exam question explanations
  • Focused training ensures 100% exam readiness
  • Personalized learning plan
  • Align exam engine to your current baseline knowledge
  • Eliminate wasted study time
  • Exam pass guarantee

3 Months PRO MOST POPULAR
Successful students spend 3 months preparing.

79/month USD 237 for 3 months

  • Thousands of practice test questions
  • Fully-featured exam engine
  • Continuous knowledge measurement and feedback
  • Reinforcement questions
  • Detailed exam question explanations
  • Focused training ensures 100% exam readiness
  • Personalized learning plan
  • Align exam engine to your current baseline knowledge
  • Eliminate wasted study time
  • Exam pass guarantee

1 Year PRO Learn and study for your certification at your own pace.

59/month USD 708 per year

  • Thousands of practice test questions
  • Fully-featured exam engine
  • Continuous knowledge measurement and feedback
  • Reinforcement questions
  • Detailed exam question explanations
  • Focused training ensures 100% exam readiness
  • Personalized learning plan
  • Align exam engine to your current baseline knowledge
  • Eliminate wasted study time
  • Exam pass guarantee

Train Your Team.

Subscriptions available for teams of 5 or greater.