CompTIA Security+, Part 3 of 8: Risk Management
Course description
In this course we will delve into the world of risk management. A security professional should be well versed in risk analysis and how to handle the risk the organization is exposed to. We will discuss the controls that can be implemented to reduce risk. Lastly, we will cover the best practices when it comes to risk management that are vital to an organization maintaining its business functions and processes. This course will cover the CompTIA Security+ objectives 2.1, 2.3, 2.8 and part of 2.7.
Each LearnNowOnline training course is made up of Modules (typically an hour in length). Within each module there are Topics (typically 15-30 minutes each) and Subtopics (typically 2-5 minutes each). There is a Post Exam for each Module that must be passed with a score of 70% or higher to successfully and fully complete the course.
Prerequisites
This course assumes that the user has working knowledge of networks and networking. Ideally, the user should have their CompTIA Network+ certification, but can be replaced with networking experience.
Meet the expert
Ryan Hendricks
Ryan Hendricks is an experienced instructor who teaches networking and security courses to IT professionals throughout the nation. He currently has the CompTIA Certified Technical Trainer (CTT+ Classroom) and the Cisco Certified Academy Instructor (CCAI) credentials. He holds certifications from (ISC)2, EC-Council, CompTIA, and Cisco. When not on the podium instructing, he delves into IT books, always looking to learn more and keep up with the latest security topics.
Video Runtime
102 Minutes
Time to complete
122 Minutes
Course Outline
Risk Management
Analysis (33:20)
- Introduction (00:27)
- Asset (01:36)
- Vulnerability (01:24)
- Threat (01:10)
- Risk (00:42)
- Risk Calculation (01:45)
- Quantitative Terms (02:23)
- Quantitative Terms, Cont. (01:09)
- Quantitative Example 1 (02:19)
- Quantitative Example 2 (01:17)
- Cost Benefit Analysis (01:08)
- CBA Example (00:49)
- CBA Example, Cont. (01:45)
- Qualitative Terms (00:43)
- Likelihood & Impact (01:13)
- Risk Reduction (01:00)
- Policies (00:43)
- Policy Support (00:59)
- Policy Example (02:25)
- Privacy Policy (01:00)
- Acceptable Use Policy (01:23)
- Security Policy (02:27)
- Mandatory Vacations (01:06)
- Job Rotation (01:11)
- Separation of Duties (00:14)
- Least Privilege (00:28)
- Summary (00:21)
Response (14:51)
- Introduction (00:21)
- Risk (00:50)
- Risk Avoidance (01:51)
- Risk Transference (02:21)
- Risk Mitigation (01:18)
- Risk Deterrence (00:48)
- Risk Acceptance (01:16)
- Risk Example (00:29)
- Risk Example, Avoidance (00:41)
- Risk Example, Transference (00:46)
- Risk Example, Mitigation (02:20)
- Risk Example, Acceptance (01:21)
- Summary (00:21)
Controls (21:18)
- Introduction (00:27)
- Risk Mitigation (00:31)
- Controls Types (01:24)
- Directive Controls (01:17)
- Preventative Controls (01:40)
- Deterrent Controls (01:28)
- Compensating Controls (01:19)
- Detective Controls (01:12)
- Corrective Controls (00:49)
- Recovery Controls (00:59)
- Risk Strategies (00:14)
- Change Management (03:13)
- Incident Management (01:05)
- User Rights and Permissions (01:56)
- Perform Routine Audits (00:48)
- Data Loss or Theft (00:56)
- Data Loss Prevention (01:29)
- Summary (00:24)
Best Practices (32:54)
- Introduction (00:23)
- Business Continuity (00:32)
- Business Impact Analysis (01:01)
- Identify Critical Systems (00:48)
- BIA Terminology (01:28)
- BIA Terminology, Cont. (00:55)
- Terminology Diagram (02:15)
- Terminology Example (01:50)
- BCP Testing (01:14)
- Continuity of Operations (01:16)
- IT Contingency Plan (01:02)
- Succession Planning (01:15)
- Single Point of Failure (01:20)
- High Availability (02:58)
- Redundancy (00:34)
- Spares (00:40)
- Fault Tolerance (00:27)
- Component Failure (01:21)
- RAID (00:25)
- RAID 0 (01:26)
- RAID 5 (00:41)
- Clustering (00:44)
- Servers (01:07)
- Disaster Recovery (00:39)
- Backups (00:46)
- Backup Schedule (03:17)
- Alternate Sites (01:55)
- Summary (00:21)
