CRISC

Course
Time
6 hours 30 minutes
Difficulty
Advanced
CEU/CPE
7

Video Transcription

00:01
Well, that wraps up our domain zero preliminary domain, just to make sure that we all start off on the same footing, and we're gonna just ask a couple of quick questions to make sure domain zero made sense. So our first question:
00:18
Risks should be reduced until what?
00:23
Okay, risk should be reduced until what?
00:25
They're eliminated.
00:27
We really don't talk in terms about eliminating risks, right? We
00:32
Well, I'll save that for a minute. We don't eliminate risk. You can avoid some risks. You just can't eliminate them all.
00:39
Until risk is accepted. Well, that sounds pretty good, because we said we have to reduce residual risk to the point that's accepted by senior management, and B sounds pretty good.
00:50
Risk is transferred.
00:53
You do transfer some risks, but not all.
00:56
And then risks are avoided. You can't avoid all risk. So B, Bravo, is the correct answer here. There we go. We're gonna reduce residual risk to a level that's acceptable by senior management.
01:10
All right, what are the phases of ISACA's risk management life cycle? And remember, this is gonna map to the chapters of this course. So we're gonna start off with risk identification.
01:23
We'll move to risk assessment, risk mitigation and then control and monitoring. Those are the steps of ISACA's risk management life cycle. Definitely, definitely, definitely know those.
01:38
All right, which of the following is not an element of the security triad?
01:44
So if you'll remember CIA: confidentiality, integrity and availability. Now, that A can stand for a lot of things: authenticity, accounting, auditing. But in the CIA triad, it's availability.
02:00
Oh, right.
02:02
And remember, authenticity is important. It's not like we don't care about authenticity, but the triad is confidentiality, integrity and availability.
02:13
All right, and then which term is best described as the acceptable level of variation
02:21
that management is willing to allow for any particular risk,
02:25
risk appetite,
02:28
threshold, tolerance or capacity? And that's the best definition for risk tolerance, because risk tolerance is outside of the level, the risk appetite. Our risk appetite may focus us in one direction,
02:45
but the risk tolerance says, yeah, but for this particular risk,
02:49
we're willing to take on a little more or a little less risk. All right, so I hope the main one made sense. I hope that it was helpful and stick around. We're gonna move right into domain one
03:00
which is risk identification


This course on Certified in Risk and Information Systems Control is for IT and business professionals who develop and maintain information system controls, and whose job revolves around security operations and compliance.

Instructed By

Kelly Handerhan
Senior Instructor