Time
3 hours 24 minutes
Difficulty
Beginner
CEU/CPE
4

Video Transcription

00:00
Welcome back to County a project plus P. K +0004
00:05
Now we're going to risk management risk management submission before we are now going to do a bit of a deeper dive
00:13
consists of two parts. So the first part we're gonna be getting introduced into risk the importance of risk management. Howto identify risk and how to quantify risk on ah second part when I look at further details about managing risk and controlling
00:33
risk.
00:35
So what is risk risk? Is any set of circumstances known or unknown, that represent a threat or an opportunity for the project?
00:46
Negative risk is what we call a threat. A positive risk is what we call an opportunity.
00:53
Look that I said, known or unknown,
00:56
we plan for risk.
00:58
We expect certain things to turn up.
01:00
This is plan or known risk,
01:04
but there could be circumstances that go out of our control. Let's take, for example,
01:11
a company that has a subsidiary down in a country,
01:15
Um, and in the country there, So some social revolt. That's something that you can't plan for, but that definitely effects the company's ability to produce. If the factories were located in those countries.
01:34
So, um, risk. We have to as much as possible, be conscious about and consider it.
01:44
And it is not always bad that there is risk. The fact that there is risk is one makes it possible
01:51
for certain things to be executed in a more efficient way
01:55
to avoid or to prevent this from affecting us directly.
02:00
So risk identification? What sources,
02:06
Where do they come from?
02:08
Risk comes from technology. Unless we have mentioned in the past.
02:15
Computers technology in general represents a security risk. There's privacy. There's, ah, personal data. There's health data. There's financial data.
02:28
There are different ways in which these could be compromised. We have
02:32
heard different challenges, different attacks, different hats different, um,
02:40
that us that have been collected by hackers and then exposed.
02:46
So that's one human resource is we're talking about individuals, individuals or percent risk in the sense that because of retaliation, because off corporate espionage, because off trying to make someone look bad, they could affect
03:05
a project.
03:07
Another risk is a regulatory box. They may introduce challenges that affect how our processes in how our projects would be executed and there could be severe fines and penalties if we violate their
03:25
re where requirements.
03:29
There's always business risk as well, in the sense that you don't know for how long the entity will operate. If and this has been the case, many a times in where on Endeavour's undertaken in throughout the projects life cycle,
03:49
the company ceases to exist
03:52
and also in terms of business is one of the challenges. What does this represent for the rest off the business? The project. The project could be sort of a threat in terms off, exposing information that was not intended to be made available
04:12
to sit in back
04:13
parties.
04:15
Also, there's competitive risk, and this has to do ah lot. We research and development. Every company wants to have the latest greatest, the most up to date technology, And they presented in a way that they have an edge ahead of the competition and finally environmental
04:34
risk in how these effects
04:36
our environment.
04:40
Now to analyse risk. There are two different ways qualitative analysis.
04:46
Um, and as the name implies, his quality, this is a could be a subjective
04:50
topoff explanation of risk.
04:54
So called here analysis looks at the impact and the probability
04:59
off.
05:00
Um a specific factor and then in measures are signs a value. They could be digits like regular, um, decimal digits. Or it could be, uh, other higher values.
05:17
And what we would do is that in this matrix, for example,
05:23
we will decide if risk a what probably Lee it has in what,
05:30
uh, impact he may have.
05:32
And then we assigned a value. Why is this important? Because we also have the other one. Quantitative analysis. The quantitative analysis will help us, um,
05:45
assign a dollar value to risk and is based on the probability and impact
05:53
and how much this will translate into the Your Ole Project. The overall operations in life cycle of the project
06:06
Now. Quantitative analysis in quantitative analysis. Qualitative and quantitative. They intersect, and they support each other out.
06:17
Now let's look at an example. It Let's look at some of the indicators that we see in quantitative analysis.
06:24
First, we have acid value, which is basically what we are producing a sport, a factor which is an indicator in percentages that tells those, um,
06:36
how
06:38
how much of a risk the acid is
06:42
single. Loss expectancy is essentially the asset value multiplied by the exposure factor, and it explains what why a one time loss of that asset represents in money.
06:57
The I realized rate of occurrence is how many times a year this could be happening.
07:03
That loss of expectancy again takes the single loss expectancy and distributes that through our year's lifetime.
07:12
Um,
07:13
the annual cost of a safeguard, whatever I used to counter my race, whatever I used to control my risk. And the cost benefit analysis is before risk after risk.
07:24
I mean, before, um, safeguard after safeguard and then the cost of a safeguard.
07:31
This is basically to evaluate if it's worth it, so that's a quick example. Let's imagine that we decided to buy the latest iPhone. The cost of the acid is $1000.
07:46
The exposure factor is 50%. Is a probability off. We dropping the iPhone
07:51
in the screen, cracking, for example.
07:55
So what is the single lost expectancy? If this $1000 a single loss expectancy will be off 500
08:03
now throughout a year, this could happen four times or a 25% chance Auf dem being damaged.
08:11
So because of this, it'll be the 500
08:16
25% is gonna be 125 throughout each month of the year,
08:22
so the rate of occurrence is 5%. Let's assume that, and we're going to calculate that in terms off, um,
08:33
how often you will happen,
08:35
what will be the safeguards? Safeguards could be a case. How much does it cost?
08:39
So I will
08:41
so tracked my loss expectancy
08:46
prior to the control my life expectancy after the control and then the cost of my control.
08:56
Based on that, I will arrive to a value that if it's positive, that means my control is covering more than expecting the
09:09
the asset value.
09:11
So when this would finish the first part off risk management, we have learned the importance of risk management. How do we identify and how to quantify risk? In a few, you will join me for the next part in where we look at how we control risk, thank you so much
09:30
and looking forward to our next conversation

Up Next

CompTIA Project+ (PK0-004)

The CompTIA Project+ course take students through a project’s lifecycle, introducing them to the knowledge and skills that are required to collaborate in project environments. Upon Completion, students will be prepared to pass the Project+ certification exam.

Instructed By

Instructor Profile Image
Humberto Hilario
Information Security Manager and Director of Education at PC AGE Career Institute
Instructor