What is risk management in Security+?
D1 · General · CompTIA Security+ SY0-701
Risk management is the systematic process of identifying, assessing, prioritizing, and addressing risks to an organization's information assets and operations.
Risk management process: identify risks → assess/analyze (likelihood × impact) → prioritize → respond → monitor.
Risk response strategies:
Mitigate/Reduce: implement controls to reduce likelihood or impact
Transfer: shift risk to another party (cyber insurance)
Avoid: eliminate the activity that creates the risk
Accept: acknowledge and accept the risk (residual risk)
Know the four risk response strategies: Avoid, Transfer, Mitigate, Accept (ATMA). Residual risk = remaining risk after controls. Inherent risk = risk before any controls. Risk appetite = how much risk the organization is willing to accept. Risk tolerance = the acceptable variance around risk appetite.