IT Security/Operational/Risk

This lesson covers risk concepts.

Objectives and Skills

Objectives and skills for the risk concepts portion of Security+ certification include:[1]

Explain the importance of risk related concepts.
  • Control types
    • Technical
    • Management
    • Operational
  • False positives
  • False negatives
  • Importance of policies in reducing risk
    • Privacy policy
    • Acceptable use
    • Security policy
    • Mandatory vacations
    • Job rotation
    • Separation of duties
    • Least privilege
  • Risk calculation
    • Likelihood
    • ALE
    • Impact
    • SLE
    • ARO
    • MTTR
    • MTTF
    • MTBF
  • Quantitative vs. qualitative
  • Vulnerabilities
  • Threat vectors
  • Probability / threat likelihood
  • Risk-avoidance, transference, acceptance, mitigation, deterrence
  • Risks associated with Cloud Computing and Virtualization
  • Recovery time objective and recovery point objective

Readings

Multimedia

  1. YouTube: Control Types - CompTIA Security+ SY0-401: 2.1
  2. YouTube: False Positives and False Negatives - CompTIA Security+ SY0-401: 2.1
  3. YouTube: Reducing Risk with Security Policies - CompTIA Security+ SY0-401: 2.1
  4. YouTube: Calculating Risk - CompTIA Security+ SY0-401: 2.1
  5. YouTube: Quantitative and Qualitative Risk Assessment - CompTIA Security+ SY0-401: 2.1
  6. YouTube: Vulnerabilities, Threat Vectors, and Probability - CompTIA Security+ SY0-401: 2.1
  7. YouTube: Risk Avoidance - CompTIA Security+ SY0-401: 2.1
  8. YouTube: Risks with Cloud Computing and Virtualization - CompTIA Security+ SY0-401: 2.1
  9. YouTube: Recovery Time Objectives - CompTIA Security+ SY0-401: 2.1

Activities

See Also

References