Cybersecurity: Understanding the Risk Management Life Cycle and Methodologies, Exams of Risk Analysis

An in-depth exploration of the risk management life cycle and the various methodologies used in cybersecurity. It covers the iterative process of identifying, analyzing, and treating risks, as well as the role of frameworks and standards such as NIST SP 800-39, NIST SP 800-30, and ISO/IEC 27005. Students will learn about the risk management process, including scope definition, asset identification, risk assessment, and risk treatment, as well as risk avoidance and communication.

What you will learn

  • What are the key steps in the risk management process?
  • What are the different methodologies for managing information security risk?
  • How does NIST SP 800-39 approach risk management at the organizational level?
  • What are the six types of loss in Factor Analysis of Information Risk (FAIR)?
  • What is the risk management life cycle and why is it important in cybersecurity?

Typology: Exams

2021/2022

Uploaded on 09/27/2022

yorket

CNIT 160: Cybersecurity Responsibilities

3. Information Risk Management, Part 2

Pages 114 - 126, Updated 2-24-22
Topics

  • Part 1 (p. 102 - 115) - Risk Management Concepts
    • Implementing a Risk Management Program
  • Part 2 (p. 114 - 125) - The Risk Management Life Cycle
  • Part 3 (p. 125 - 158) - The Risk Management Life Cycle
  • Part 4 (p. 158 - 182) - Operational Risk Management

The Risk Management Life Cycle

  • Several frameworks and standards
  • Risk assessments

The Risk Management Life Cycle

The Risk Management Process

  • Risk analysis
    • Probability of event occurrence
    • Impact of event occurrence
    • Mitigation
    • Recommendation
  • Risk treatment
    • Accept
    • Mitigate
    • Transfer
    • Avoid
  • Risk communication

Risk Register

  • List of identified risks, with
    • Description
    • Level and type
    • Risk treatment decisions
  • Also called a risk ledger

NIST SP 800-39: "Managing Information Security Risk: Organization, Mission, and Information System View"

  • Multilevel risk management
    • Information systems level
    • Mission/business process level
    • Overall organization level
  • Risks are communicated upward
  • Risk awareness and risk decisions are communicated downward
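As an added example (not from the slides or the course), a small risk register in Python that ties the two sections above together: each entry carries the description, level and type, and treatment decision, the level is derived from a probability x impact matrix, and roll_up reports the worst residual level per mission/business process and for the organization, the upward communication NIST SP 800-39 describes. The 1-5 scales, the thresholds and the sample entries are assumptions for this example.

```python
from dataclasses import dataclass

TREATMENTS = ("Accept", "Mitigate", "Transfer", "Avoid")
LEVELS = ("Low", "Moderate", "High")   # ordered, least to most severe
def risk_level(probability: int, impact: int) -> str:
    # 5x5 probability x impact matrix; the 1-5 scales and thresholds are assumptions.
    if not (1 <= probability <= 5 and 1 <= impact <= 5):
        raise ValueError("probability and impact must be on a 1-5 scale")
    score = probability * impact
    return "High" if score >= 15 else "Moderate" if score >= 6 else "Low"
@dataclass
class Risk:
    description: str
    risk_type: str                 # the register's "type", e.g. "availability"
    probability: int               # 1 = rare .. 5 = almost certain
    impact: int                    # 1 = negligible .. 5 = severe
    process: str                   # mission/business process (SP 800-39 middle tier)
    treatment: str = "Accept"      # the register's treatment decision
    residual_probability: int = 0  # likelihood after mitigation; 0 = not assessed
    def __post_init__(self):
        if self.treatment not in TREATMENTS:   # the ledger records only the four decisions
            raise ValueError(f"unknown treatment decision {self.treatment!r}")
    def inherent_level(self) -> str:
        return risk_level(self.probability, self.impact)
    def residual_level(self) -> str:
        if self.treatment == "Avoid":          # the exposure is removed
            return "Low"
        if self.treatment == "Mitigate" and self.residual_probability:   # likelihood lowered
            return risk_level(self.residual_probability, self.impact)
        return self.inherent_level()           # Accept and Transfer keep the level

def roll_up(register: list) -> dict:
    # Communicate upward: worst residual level per process, plus organization-wide.
    worst = {}
    for r in register:
        lvl = r.residual_level()
        for key in (r.process, "organization"):
            if LEVELS.index(lvl) > LEVELS.index(worst.setdefault(key, "Low")):
                worst[key] = lvl
    return worst

def sample_register() -> list:
    # Constructed sample entries for illustration, not taken from the slides.
    return [
        Risk("Unpatched VPN appliance", "confidentiality", 4, 5, "Remote access", "Mitigate", 1),
        Risk("Single data-center power feed", "availability", 2, 4, "Order processing", "Transfer"),
        Risk("Legacy FTP server kept for one vendor", "integrity", 3, 5, "Order processing", "Avoid"),
        Risk("Laptop theft, disk encrypted", "confidentiality", 3, 1, "Remote access"),
    ]
```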

  • Ch 3b-
  • NIST SP 800-
  • NIST SP 800-

Risk management process

  • Step 1: Risk framing
  • Step 2: Risk assessment
  • Step 3: Risk response
  • Step 4: Risk monitoring

NIST SP 800-30

  • Standard methodology for conducting a risk assessment
  • Quite structured
  • A number of worksheets recording
    • Threats and vulnerabilities
    • Probability of occurrence
    • Impact

NIST SP 800-30

Steps for conducting a risk assessment

  • Step 1: Prepare for assessment
    • Determine purpose, scope, and
    • Source of threat, vulnerability, and impact information
    • NIST 800-30 has example lists