Ongoing Monitoring

Video Activity


Time: 3 hours 54 minutes
Difficulty: Advanced
CEU/CPE: 4
Video Description

This lesson covers the importance of risk management as an ongoing activity. Risks to data security must be monitored constantly to detect if new risks have arisen or if mitigation strategies are no longer effective. Strategies must be in place to address new risks as they are discovered. Risks can never be eliminated, only minimized to levels acceptable to senior management.

Video Transcription
00:04
Okay, so in looking with risk management, we've talked about risk assessment, which basically, we're gonna identify, evaluate our assets and we're gonna think about threats and vulnerabilities. Then we move into risk analysis where we want to get a value. We're looking to figure out what is the potential for loss.
00:21
Now I said there's qualitative risk analysis
00:24
that's more subjective in nature. We're going to use words like very likely, unlikely, or high probability, medium probability, very subjective, and quantitative analysis, which is more objective. It's more fact-based, numeric or empirical data,
00:43
so looking for value
00:45
with analysis. And then we look to mitigate risks: we look to reduce, which is lessen the probability and/or impact; we look to transfer, so that we can share in the potential for loss. Or sometimes, when the cost of the countermeasure's just too expensive, we accept the risk.
01:03
So those were the main elements of a risk, and just the last slide in this chapter,
01:07
keeping in mind that risks never go away. You know, we really don't eliminate risks. Usually our big thing that we do is we reduce risks to a level that's acceptable by senior management, right? We've talked about that idea again and again. Well, ultimately, once we get that risk to
01:27
the specific level that senior management wants
01:30
now we've got to keep tracking, making sure that it stays at that level. We constantly have new threats emerging every single day, something new. There's some new way to do the same old stuff, whether it's fraud or theft or whatever that may be.
01:47
So we have to stay very knowledgeable of emerging trends,
01:52
of emerging threats, new vulnerabilities that are popping up in the software that we're using. And we constantly have to make sure that we're operating within the confines of what management feels like is an acceptable level of risk. That's our job as information security officers. So we've
02:10
done all of those elements to manage with risk.
02:13
Now we're gonna continue to monitor to make sure we stay in the right place.