CNIT 160:
Cybersecurity
Responsibilities
3. Information Risk
Management!
Part 2!
Pages 114 - 126
Updated 2-24-22
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Guidelines and tips
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community
Ask the community for help and clear up your study doubts
University Rankings
Discover the best universities in your country according to Docsity users
Free resources
Our save-the-student-ebooks!
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
Cybersecurity: Understanding the Risk Management Life Cycle and Methodologies, Exams of Risk Analysis
An in-depth exploration of the risk management life cycle and various methodologies used in cybersecurity. the iterative process of acquiring, analyzing, and treating risks, as well as the role of frameworks and standards such as NIST SP 800-39, NIST SP 800-30, and ISO/IEC 27005. Students will learn about the risk management process, including scope definition, asset identification, risk assessment, and risk treatment, as well as risk avoidance and communication.
What you will learn
- What are the key steps in the risk management process?
- What are the different methodologies for managing information security risk?
- How does NIST SP 800-39 approach risk management at the organizational level?
- What are the six types of loss in Factor Analysis of Information Risk (FAIR)?
- What is the risk management life cycle and why is it important in cybersecurity?
Typology: Exams
2021/2022
1 / 39
This page cannot be seen from the preview
Don't miss anything!
Related documents
Partial preview of the text
Download Cybersecurity: Understanding the Risk Management Life Cycle and Methodologies and more Exams Risk Analysis in PDF only on Docsity!
CNIT 160:
Cybersecurity
Responsibilities
3. Information Risk
Management
Part 2
Pages 114 - 126 Updated 2-24-
Topics
Part 1 (p. 102 - 115)
**Risk Management Concepts**- Implementing a Risk Management Program
- Part 2 (p. 114 - 125) - The Risk Management Life Cycle
- Part 3 (p. 125 - 158) - The Risk Management Life Cycle
- Part 4 (p. 158 - 182) - Operational Risk Management
The Risk Management Life Cycle
- Several frameworks and standards
- Risk assessments
The Risk Management Life Cycle
The Risk Management Process
Risk analysis
**Probability of event occurrence**- Impact of event occurrence
- Mitigation
- Recommendation
The Risk Management Process
Risk treatment
**Accept**- Mitigate
- Transfer
- Avoid
- Risk communication
Risk Register
List of identified risks, with
Description
Level and type
Risk treatment decisions
Also called a risk ledger
NIST SP 800- "Managing Information Security Risk: Organization, Mission, and Information, System View"
NIST SP 800-
Multilevel risk management
Information systems level
Mission/business process level
Overall organization level
Risks are communicated upward
Risk awareness and risk decisions are communicated downward
- Ch 3b-
- NIST SP 800-
- NIST SP 800-
Risk management process
Step 1: Risk framing
Step 2: Risk assessment
Step 3: Risk response
Step 4: Risk monitoring
NIST SP 800-
NIST SP 800-
Standard methodology for conducting a risk assessment
Quite structured
A number of worksheets recording
Threats and vulnerabilities
Probability of occurrence
Impact
NIST SP 800-
Steps for conducting a risk assessment
Step 1: Prepare for assessment
Determine purpose, scope, and
Source of threat, vulnerability, and impact information
NIST 800-30 has example lists