Risk Analysis: Security Risk Management
In this 14-video course learners can explore security risk management concepts and discover how to assess categorize monitor and respond to organizational risks. Examine key terms such as threats vulnerabilities impacts and risks and the steps involved in the National Institute of Standard and Technology (NIST) risk management framework (RMF). Begin by learning how risk relates to information systems and look at the concepts of managing risks differentiating between threats vulnerabilities impacts and risks. Examine the first step of the NIST RMF categorizing risk and then the second RMF step selecting security controls. Next observe the third step implementing security controls; the fourth step assessing security control effectiveness; the fifth step examining risk and output of security controls assessment to determine whether or not the risk is acceptable; and the last step monitoring controls. Recognize benefits of a control-focused risk management approach; the benefits of an event-focused risk management approach; and risk communication. Finally explore risk response and remediation and differentiating between different risk responses such as accepting avoiding mitigating sharing or transferring risk.