CompTIA Security+, Part 3 of 8: Risk Management

LearnNow Online
Updated Aug 21, 2018

Course description

In this course we will delve into the world of risk management. A security professional should be well versed in risk analysis and how to handle the risk the organization is exposed to. We will discuss the controls that can be implemented to reduce risk. Lastly, we will cover the best practices when it comes to risk management that are vital to an organization maintaining its business functions and processes. This course will cover the CompTIA Security+ objectives 2.1, 2.3, 2.8 and part of 2.7.

Each LearnNowOnline training course is made up of Modules (typically an hour in length). Within each module there are Topics (typically 15-30 minutes each) and Subtopics (typically 2-5 minutes each). There is a Post Exam for each Module that must be passed with a score of 70% or higher to successfully and fully complete the course.


Prerequisites

This course assumes that the user has a working knowledge of networks and networking. Ideally, the user should have their CompTIA Network+ certification, but this can be replaced with networking experience.


Meet the expert

Ryan Hendricks

Ryan Hendricks is an experienced instructor who teaches networking and security courses to IT professionals throughout the nation. He currently has the CompTIA Certified Technical Trainer (CTT+ Classroom) and the Cisco Certified Academy Instructor (CCAI) credentials. He holds certifications from (ISC)², EC-Council, CompTIA, and Cisco. When not on the podium instructing, he delves into IT books, always looking to learn more and keep up with the latest security topics.

Video Runtime

102 Minutes

Time to complete

122 Minutes

Course Outline

Risk Management

Analysis (33:20)

  • Introduction (00:27)
  • Asset (01:36)
  • Vulnerability (01:24)
  • Threat (01:10)
  • Risk (00:42)
  • Risk Calculation (01:45)
  • Quantitative Terms (02:23)
  • Quantitative Terms, Cont. (01:09)
  • Quantitative Example 1 (02:19)
  • Quantitative Example 2 (01:17)
  • Cost Benefit Analysis (01:08)
  • CBA Example (00:49)
  • CBA Example, Cont. (01:45)
  • Qualitative Terms (00:43)
  • Likelihood & Impact (01:13)
  • Risk Reduction (01:00)
  • Policies (00:43)
  • Policy Support (00:59)
  • Policy Example (02:25)
  • Privacy Policy (01:00)
  • Acceptable Use Policy (01:23)
  • Security Policy (02:27)
  • Mandatory Vacations (01:06)
  • Job Rotation (01:11)
  • Separation of Duties (00:14)
  • Least Privilege (00:28)
  • Summary (00:21)

Response (14:51)

  • Introduction (00:21)
  • Risk (00:50)
  • Risk Avoidance (01:51)
  • Risk Transference (02:21)
  • Risk Mitigation (01:18)
  • Risk Deterrence (00:48)
  • Risk Acceptance (01:16)
  • Risk Example (00:29)
  • Risk Example, Avoidance (00:41)
  • Risk Example, Transference (00:46)
  • Risk Example, Mitigation (02:20)
  • Risk Example, Acceptance (01:21)
  • Summary (00:21)

Controls (21:18)

  • Introduction (00:27)
  • Risk Mitigation (00:31)
  • Controls Types (01:24)
  • Directive Controls (01:17)
  • Preventative Controls (01:40)
  • Deterrent Controls (01:28)
  • Compensating Controls (01:19)
  • Detective Controls (01:12)
  • Corrective Controls (00:49)
  • Recovery Controls (00:59)
  • Risk Strategies (00:14)
  • Change Management (03:13)
  • Incident Management (01:05)
  • User Rights and Permissions (01:56)
  • Perform Routine Audits (00:48)
  • Data Loss or Theft (00:56)
  • Data Loss Prevention (01:29)
  • Summary (00:24)

Best Practices (32:54)

  • Introduction (00:23)
  • Business Continuity (00:32)
  • Business Impact Analysis (01:01)
  • Identify Critical Systems (00:48)
  • BIA Terminology (01:28)
  • BIA Terminology, Cont. (00:55)
  • Terminology Diagram (02:15)
  • Terminology Example (01:50)
  • BCP Testing (01:14)
  • Continuity of Operations (01:16)
  • IT Contingency Plan (01:02)
  • Succession Planning (01:15)
  • Single Point of Failure (01:20)
  • High Availability (02:58)
  • Redundancy (00:34)
  • Spares (00:40)
  • Fault Tolerance (00:27)
  • Component Failure (01:21)
  • RAID (00:25)
  • RAID 0 (01:26)
  • RAID 5 (00:41)
  • Clustering (00:44)
  • Servers (01:07)
  • Disaster Recovery (00:39)
  • Backups (00:46)
  • Backup Schedule (03:17)
  • Alternate Sites (01:55)
  • Summary (00:21)