































An in-depth exploration of the risk management life cycle and various methodologies used in cybersecurity. It covers the iterative process of acquiring, analyzing, and treating risks, as well as the role of frameworks and standards such as NIST SP 800-39, NIST SP 800-30, and ISO/IEC 27005. Students will learn about the risk management process, including scope definition, asset identification, risk assessment, and risk treatment, as well as risk avoidance and communication.
Typology: Exams
Pages 114 - 126 Updated 2-24-
**Risk Management Concepts**
The Risk Management Life Cycle
The Risk Management Process
**Probability of event occurrence**
The Risk Management Process
**Accept**
List of identified risks, with
Description
Level and type
Risk treatment decisions
Also called a risk ledger
NIST SP 800- "Managing Information Security Risk: Organization, Mission, and Information System View"
Multilevel risk management
Information systems level
Mission/business process level
Overall organization level
Risks are communicated upward
Risk awareness and risk decisions are communicated downward
Risk management process
Step 1: Risk framing
Step 2: Risk assessment
Step 3: Risk response
Step 4: Risk monitoring
Standard methodology for conducting a risk assessment
Quite structured
A number of worksheets recording
Threats and vulnerabilities
Probability of occurrence
Impact
Steps for conducting a risk assessment
Step 1: Prepare for assessment
Determine purpose, scope, and
Source of threat, vulnerability, and impact information
NIST 800-30 has example lists