Security+ Domain 5.0: Risk Management: Chapter 22

Chapter 22: Risk Management and Business Impact Analysis

Business Impact Analysis

RTO / RPO

MTBF

MTTR

Mission-critical functions

Identification of critical systems

Single point of failure

Impacts on

Life

Property

Safety

Finance

Reputation

Privacy Impact Assessment

Privacy Threshold Assessment

Risk Management Concepts

Threat Assessment

Environmental

Manmade

Internal / External

Risk Assessment

SLE

ALE

ARO

ALE = SLE * ARO

Asset value

Risk register

Likelihood of occurrence

Supply chain assessment

Impact assessment

Qualitative assessment

Quantitative assessment

Testing

Penetration testing

Vulnerability testing

Risk Response Techniques

Avoid (Refuse)

Transfer

Mitigate

Accept

Change Management

Configuration control

Security Controls

Deterrent

Preventive

Detective

Corrective

Compensating

Technical

Administrative

Physical