How to help Uncle Carl at a BBQ understand personal email security and what threats it protects him from.
AKYLADE Certified Cyber Resilience Fundamentals (A/CCRF) [CRF-002] - Complete Training in @SimplyCyber Academy: academy.simply...
Mastering Cyber Resilience Chapter 3: Risk Management Fundamentals
Exam Objectives 📚️
Understanding risk management is crucial before diving into the NIST Cybersecurity Framework. This chapter aims to provide a solid foundation in risk management, equipping you with the knowledge and terminology needed to navigate the complex landscape of cybersecurity.
By grasping these fundamentals, you'll be better prepared to identify, assess, and mitigate risks, ensuring the security and resilience of digital systems and assets.
Candidates must be able to understand the key concepts related to risk management. Students will be able to:
5.1 Explain the fundamentals of risk management
  Risk Analysis
    Qualitative
      Likelihood of Risk
      Impact of Risk
    Quantitative
      Single-Loss Expectancy (SLE)
      Annualized Rate of Occurrence (ARO)
    Hybrid
  Risk Appetite
  Risk Tolerance
  Business Impact Analysis
    Recovery Time Objective (RTO)
    Recovery Point Objective (RPO)
    Mean Time to Repair (MTTR)
    Mean Time Between Failures (MTBF)
    Single Point of Failure
    Mission Essential Functions
    Identifying Critical Systems
  Financial Analysis
    Total Cost of Ownership (TCO)
    Return on Investment (ROI)
    Return on Assets (ROA)
5.2 Given a scenario, determine the appropriate risk response to a given threat or vulnerability
  Risk Responses
    Acceptance
    Avoidance
    Transference
    Mitigation
  Types of Risk
    Inherent Risk
    Residual Risk
  Risk Register
5.3 Given a scenario, assess cybersecurity risk and recommend risk mitigations
  Identify threats to an organization
  Identify vulnerabilities to an organization
  Identify risks to an organization
  Recommend specific risk mitigations
  Determine benefits of a particular risk mitigation
  Determine the trade-offs of a particular risk mitigation
  Evaluate the effectiveness of a particular risk mitigation
  Develop a risk management plan
  Develop a cybersecurity strategy