Risk Management Course

Managing risks involves identifying threat actors both large and small. Learn key concepts related to risk management, including proper policies and procedures, business impact analysis, data destruction, quantitative and qualitative risk assessments, and how security must be applied to all phases of the information life cycle.

2 hours, 14 minutes

Syllabus

Ask me anything

Video - 00:02:00

The use of social media platforms has skyrocketed in recent years. Organizations must take the appropriate steps to ensure that sensitive data is not leaked through this mechanism.

Wiping disks with the dd command lab

Video - 00:06:00

When storage media has reached the end of its useful life, data must be wiped from it in a secure manner, which can include using built-in operating system tools. Linux administrators can use the dd command to wipe disk partitions by overwriting them with random data.

Exam question review

Video - 00:02:00

Threats are executed by a variety of different threat actors, each type having a different motivation for executing attacks. This episode presents a scenario in which the correct type of threat actor must be selected.

CompTIA Security+ SY0-601 Exam Objectives

Video - 00:03:00

Agreement types

Video - 00:07:00

When organizations enter into business partnerships with third-party service providers, the agreements and contracts they both sign protect both organizations legally, as well as establish the terms of service. This episode covers the various types of business agreements.

Third-party risk management

Video - 00:08:00

Some business activities cannot be completed entirely within an organization and must be outsourced. Ensuring that proper security safeguards are in place throughout the hardware, software, and personnel supply chain results in properly secured data, for example through data loss prevention (DLP) tools.

Personnel risk and policies

Video - 00:10:00

Hiring the right employees and contractors for the job always matters. Enacting internal security controls such as background checks, mandatory vacations, job rotation, and separation of duties goes a long way in ensuring the integrity of business processes.

Data destruction

Video - 00:06:00

Digital data resides on physical storage devices. Secure storage media disposal mechanisms, such as shredding, cryptographic erasure, degaussing, and disk wiping, must be put in place to ensure sensitive data cannot be retrieved by unauthorized users.

Security and the information life cycle

Video - 00:09:00

Security must be applied to all phases of the information life cycle, from collection to its eventual archiving and deletion. This includes data security techniques such as tokenization and masking, while considering how laws apply to data based on its location (data sovereignty).

Data types and roles

Video - 00:11:00

Protecting personally identifiable information, or PII, is crucial and required by security regulations such as GDPR, but of the vast amounts of data in an organization, how do you know which data is sensitive? The answer is through data roles and responsibilities assigned to personnel in conjunction with data discovery and classification tools on-premises and in the cloud.

Business Impact Analysis

Video - 00:09:00

In addition to deploying effective security controls to protect assets, what can be done to ensure business continuity in the event of a security incident? A business impact analysis involves proactive planning to help reduce downtime and data loss when negative events occur.

Qualitative risk assessments

Video - 00:04:00

The same risk can have a different impact on different organizations. Qualitative risk assessments use subjective priority ratings for risks rather than dollar values.

Quantitative risk assessments

Video - 00:07:00

Is the cost of a security control justified? A quantitative risk assessment uses various calculations against an asset to determine the maximum yearly spend for protecting that asset.

Risk assessments and treatments

Video - 00:06:00

How can you determine whether assets are adequately protected from threats? One way is running periodic risk assessments to address the ever-changing threat landscape and define the likelihood and impact of security incidents.

Security controls

Video - 00:09:00

Various security standards such as PCI DSS and the Cloud Controls Matrix (CCM) define what types of security controls to put in place to mitigate risk both on-premises and in the cloud. The specific type of attack vector determines whether managerial, operational, or technical controls should be deployed.

Risk management concepts

Video - 00:07:00

A risk management framework aids in identifying and managing risk and is sometimes required for compliance with data privacy regulations such as GDPR and HIPAA. Organizational security policies are often influenced by data privacy regulations.

Threat intelligence

Video - 00:11:00

With the ever-changing IT threat landscape, how can you keep up with the latest security issues? Threat intelligence refers to the wide variety of open-source intelligence (OSINT) and proprietary IT security sources that use standards such as STIX and TAXII for cybersecurity intelligence sharing.

Threats and vulnerabilities

Video - 00:07:00

The CIA security triad (confidentiality, integrity, and availability) describes how solutions such as encryption, hashing, and data backups can address potential attack vectors that might be exploited by threat actors.

Defining risk

Video - 00:08:00

Managing risk involves identifying threat actors from script kiddies to state-sponsored attackers. Threats are mitigated by identifying assets and putting security controls in place to reduce the associated risks.

Introduction to Security+ 601

Video - 00:01:00

Mike and Dan introduce the CompTIA Security+ (SY0-601) learning path.

Meet the author

Mike Meyers

Mike Meyers, affectionately called the "Alpha Geek," is the industry's leading authority on CompTIA certifications. He is the president and co-founder of Total Seminars, LLC, a provider of PC and network repair seminars, books, videos and courseware for thousands of organizations throughout the world. Mike has been involved in the computer and network repair industry since 1987 as a technician, instructor, author, consultant and speaker. He has sold over a million IT and certification books, including the best-selling CompTIA A+ Certification All-in-One Exam Guide and CompTIA Network+ Certification All-in-One Exam Guide. He has personally taught thousands of students, including U.S. senators, U.S. Supreme Court Justices, members of the United Nations, every branch of the U.S. Armed Forces, many branches of the Department of Justice, hundreds of corporate clients and academic students at every level.
