Chapter04 - Learning Objectives Upon completion of this...

Principles of Information Security, 2nd Edition

Learning Objectives

Upon completion of this material, you should be able to:
- Define risk management, risk identification, and risk control
- Understand risk analysis and how risk is identified and assessed
- Assess risk based on probability of occurrence and impact on an organization

Learning Objectives (continued)

- Describe the risk mitigation strategy options for controlling risks
- Identify the categories that can be used to classify controls
- Recognize the conceptual frameworks that exist for evaluating risk controls and be able to formulate a cost benefit analysis
- Understand how to maintain and perpetuate risk controls

Introduction

- Risk Management: process of identifying and controlling risks facing an organization. Encompasses risk assessment, risk mitigation, and continual evaluation.
- Risk Identification: process of examining an organization's current information technology security situation.
- Risk Control: applying controls to reduce risks to an organization's data and information systems.