Risk Management in Cybersecurity- Information Security Risk Management | Quantitative & Qualitative
Subscribe here: / @cyberplatter
CyberPlatter Discord Channel: / discord
Website: https://cyberplatter.com
Access Control Types: • Explain Access Control Types| Administrati...
Security Analyst and Engineer Interview Question and Answer Playlist: • CyberSecurity Interview Questions and Answers
This video includes:
• Cybersecurity Risk Management | Information Security Risk Management
○ What is risk management?
○ Why is risk management important?
○ Risk elements and its types
§ Threat agent/actor
§ Threats
§ Vulnerabilities
§ Risk
§ Safeguards / security controls / controlmeasures
§ Assets
§ Asset Evaluation
§ Attach
§ Breach
○ Risk assessment/analysis and its types
§ Quantitative risk analysis
□ Asset Valuation (AV)
□ Exposure Factor (EF)
□ Single Loss Expectancy (SLE)
□ Annualized Rate of Occurrence (ARO)
□ Annualized Loss Expectancy (ALE)
□ Annual Cost of Safeguards (ACS)z
□ Cost/benefit analysis of safeguards
§ Qualitative risk analysis
□ Delphi technique
§ Hybrid risk analysis
○ Residual Risk
○ Total Risk
○ Risk response and its types:
§ Risk transfer/assign
§ Risk mitigation/reduction
§ Risk avoidance
§ Risk acceptance
§ Risk ignore/reject
§ Risk deterrence
○ NIST SP 800-37's Risk Management Framework (RMF) and its steps
§ Prepare
§ Categorize
§ Select
§ Implement
§ Assess
§ Authorize
§ Monitor