Welcome back to Chapter two. We've made it through chapter one and talk about risk identification. And now the next step in the risk management life cycle is gonna be to assess our risks. Risk assessment.
Excuse me. This is a fairly important section on the domain. Ah, you will find that with risk assessment. This is of the highest importance. 28% of your exam is gonna come from this topic, and risk assessment is all about being ableto analyze, evaluate the situation
and determine what the best controlled put in place is. This will, of course, lead into mitigation.
Were you have actually implement that control? All right. So
learning objectives, we're gonna talk about implementing and using some various techniques to assess risk an assessment and analyze can to go right together. It's possible they would use those terms interchangeably. But what we saw in the last section is that
if they're asking you to differentiate between
assessment analysis than assessment is that piece where you determine the probability and impact of a risk and then analysis would be how does that fit into your control strategy? And I hope that makes sense. because it's always strange to me when
you know you go to these different documents by n'est you know, National Institute of Standards,
and you find slightly different terminology you slightly different ways. But I want to make sure that you have that because
there's just no telling which which direction you're going to see that from the exam. All right, so we want to be able to apply some risk assessment techniques, figure out our risk scenarios and use those to help us determine what the probability and impact of a risk our
figure out what our current state of controls are and where we want to get in close. That gap, which we know is called Gap analysis. And then, of course, we're gonna have to take those risks, and we're gonna have to share him with our stakeholders.
All right, so risk assessment, making sure that we understand the difference between the first step and the second test step. Risk identification is purely about what are my assets? One of my threats, one of my vulnerabilities, but with risk assessment,
we want to put a value to them. So at the end of a risk assessment,
we should have a value on the potential for loss, and that's really what we're working towards