New Training: Risk Management

In this 7-video skill, CBT Nuggets trainer Keith Barker discusses risk management processes and concepts. Watch this new Cyber Security training.

Watch the full course: Governance, Risk, and Compliance Training

This training includes:

• 7 videos

• 1.1 hours of training

You’ll learn these topics in this skill:

• Intro to Risk Management

• Risk Vocabulary

• Threat Agents and Types of Risk

• Risk Management Strategies

• Risk Assessments & Analysis

• BIA and Recovery

• Quiz and Review

What is Information Security Risk Management?

Information security risk management is the process of managing the risks that are associated with using information technology. While it can't completely eliminate these risks, it can help organizations limit them to an acceptable level.

The first step in risk management is identifying the elements in your IT infrastructure that both expose and contain risk. This includes assets, vulnerabilities, threats and security controls.

The next step in the process is aggregating the information that you have collected in step 1 and assessing your risk from them through a computation. While there are many ways of doing this, one of the most common ways is by taking the product of assets, vulnerabilities and threats and then subtracting the security controls that you have put in place.

The final step in this continuous process is the treatment of risk. Here you will decide whether to remediate, mitigate, transfer or accept the risks that you've previously assessed.