Part 1: General Security Concept
RISK MANAGEMENT
Outline
- Definitions and Terms
- Types of Risk
- Governance and Compliance
- Risk Management Models
- Risk Options
Risk Related Definitions
- Risk: Likelihood that a threat will exploit a vulnerability in an asset
- An Asset provides value to the organization and can be tangible (hardware) or intangible (an organization's reputation)
- Risk management should start by valuing the asset being protected
- Threat: Has the potential to harm an asset
- Vulnerability: A weakness; a lack of a safeguard
- Exploit: Instance of compromise
- Controls: Protective mechanisms to secure vulnerabilities
- Safeguards: Proactive mechanisms
- Countermeasures: Reactive mechanisms
- Total Risk: Amount of risk without implementing mitigation. "What will it cost me if I do nothing?"
- Secondary Risk: Risk event that comes as a result of another risk response
- Residual Risk: The amount of risk left over after a risk response
- Fallback Plan: "Plan B"
- Workaround: Unplanned Response (for unidentified risk or when other responses don't work)