Part Two: Assessing Risk

This module of CISM Foundations covers risk appetite, risk tolerance, and capacity. We'll look at a range of vital risk management factors and how they affect businesses. We'll also cover the concept that the assets, vulnerabilities, threats, and time form a four-dimensional space that we must apply to our risk management practices and security countermeasures. We round off the lesson by looking at the trade off between the cost of risk mitigation and the value of the assets being protected, to help you calculate how much protection is financially viable for a given asset.

If you have any feedback relating to this lesson, please contact us at support@cloudacademy.com.

Learning Objectives

• Understand how risk tolerance can vary from organization to organization
• Learn about the CIA Triad
• Learn about knowledge, awareness, urgency, and importance and how they impact risk management
• Learn how the asset, vulnerability, threat, and time form a four-dimensional space that can be used to decide upon risk management practices and countermeasures
• Understand how to weigh up the costs of managing risk vs the value of the asset being protected

Intended Audience

This lesson is intended for those looking to take the CISM (Certified Information Security Manager) exam or anyone who wants to improve their understanding of information security.

Prerequisites

Any experience relating to information security would be advantageous, but not essential. All topics discussed are thoroughly explained and presented in a way allowing the information to be absorbed by everyone, regardless of experience within the security field.