Principles of Information Security, 2nd Edition

Learning Objectives

Upon completion of this material, you should be able to:
- Define risk management, risk identification, and risk control
- Understand risk analysis and how risk is identified and assessed
- Assess risk based on probability of occurrence and impact on an organization

Learning Objectives (continued)

- Describe the risk mitigation strategy options for controlling risks
- Identify the categories that can be used to classify controls
- Recognize the conceptual frameworks that exist for evaluating risk controls and be able to formulate a cost benefit analysis
- Understand how to maintain and perpetuate risk controls

Introduction

- Risk Management: process of identifying and controlling risks facing an organization. Encompasses risk assessment, risk mitigation, and continual evaluation.
- Risk Identification: process of examining an organization’s current information technology security situation
- Risk Control: applying controls to reduce risks to an organization’s data and information systems