Security Risk Identification

6m 25s

This Lesson looks at the key aspects of risk management, including risk identification, risk mitigation, and risk controls. We look at the ISO frameworks and the processes you can put in place to manage risks within your organisation.

We then move on to how to assess and identify risks. We look at the difference between qualitative and quantitative risk assessments, as well as considering the guidelines set out by NIST. We move on to look at the main tenants of risk mitigation, which include risk reduction, risk avoidance, risk transfer, and risk retention, before finally looking at the controls you can put in place to counteract risks.

Learning objectives

  • Understand the organisational processes needed to manage risks.
  • Learn how to assess and identify risks.
  • Learn about risk reduction, risk avoidance, risk transfer, risk retention, and risk controls.

Intended audience

This Lesson is intended for anyone who wants to improve their knowledge of risk management in an information security context.


We recommend taking this Lesson as part of the IT Security Fundamentals Course.

About the Author
King Samuel, opens in a new tab
Cyber Security Trainer
Learning paths

Originating from a systems administration/network architecture career, a solid part of his career building networks for educational institutes. With security being a mainstay his implementation he grew a strong passion for everything cyber orientated especially social engineering. The educational experience led to him mentoring young women in IT, helping them to begin a cyber career. He is a recipient of the Cisco global cyber security scholarship. A CCNA Cyber Ops holder and elected for the CCNP Cyber Ops program.

Covered Topics