CompTIA CASP+: Assessing & Managing Risk
CompTIA | Intermediate
- 15 videos | 1h 25m 2s
- Includes Assessment
- Earns a Badge
Recognizing threats and managing risk are key to hardening an organization's security posture. In this course, you'll explore how to apply risk management frameworks to assess and mitigate risk, as well as how to identify threat actors and physical risks. Next, you'll learn how to mitigate risks related to human resources and social engineering techniques. You'll then move on to examine how to work with qualitative and quantitative risk analysis. Lastly, you'll learn about insider threats, supply chain dependencies, and sources of threat intelligence. This course is one of a collection of courses that prepares learners for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam.
WHAT YOU WILL LEARN
- Discover the key concepts covered in this course
- Recognize factors that influence conducting a risk assessment as part of risk management
- Recognize how to apply risk management frameworks
- Identify various types of threat actors
- Recognize physical risks
- Take steps to minimize HR risks
- Recognize how deception techniques are used by attackers
- Analyze e-mail messages to identify phishing attempts
- Perform a quantitative risk analysis
- Perform a qualitative risk analysis
- Correlate security solutions to security requirements
- Describe how IT security must apply to internal networks
- Determine how to reduce the risk related to third-party dependency chains
- Identify multiple sources of threat intelligence
- Summarize the key concepts covered in this course
IN THIS COURSE
- 1m 34s: In this video, you’ll learn more about your instructor and this course. In this course, you’ll learn how to apply risk management frameworks to assess and mitigate risk, and how to identify threat actors and physical risks. Next, you’ll learn how to mitigate risks related to human resources and social engineering techniques. Then, you’ll discover qualitative and quantitative risk analysis. Finally, you’ll learn about insider threats, supply chain dependencies, and sources of threat intelligence.
- 6m 41s: In this video, you’ll learn more about risk management. You’ll see there are many different types of risks defined within the enterprise, such as strategic risk, environmental risk, market risk, credit risks, operational risks, and compliance risks. You’ll see all of these types of risks are supported by underlying IT services. The goal is to try to reduce the likelihood of a threat occurring.
- 7m 19s: In this video, you’ll learn more about how a risk management framework integrates IT security and risk management into one formal type of framework. It allows users to strike a reasonable balance between realizing opportunities such as engaging in business activities or gains, versus minimizing any losses that might result from realized threats. You’ll always end up with some kind of residual risk. The first part of risk management is identifying assets.
- 7m: In this video, you’ll learn more about threat actors. These are the entities responsible for security incidents such as malware infections, or DDoS attacks. This might even include other business competitors that don’t want to see your organization succeed. You’ll see the first thing you must do when it comes to security incidents is figure out who the attackers are and what they want.
- 7m 26s: In this video, you’ll learn more about cybersecurity in terms of physical security. It’s important to remember that to use digital IT systems, there must be some physical equipment running somewhere that makes that possible. This means there are some inherent physical risks that can directly affect your use of digital IT systems. The first category of this is facility or building security.
- 6m 24s: In this video, you’ll learn that people are the most valuable resource of any organization. However, there’s risk depending on how human resources policies are structured. Here, you’ll learn more about human resources risk mitigation. While people are the most valuable asset to an organization and its success, people are also the weakest security link.
- 7m 30s: In this video, you’ll learn that one threat organizations face today is social engineering. Social engineering is related to malicious users trying to trick or deceive victims. Normally the goal is to get the victim to disclose some kind of sensitive information, whether it's banking credentials or company trade secrets. You’ll learn there are many ways for malicious users to perpetrate these types of attacks.
- 6m 20s: In this video, you’ll learn about phishing e-mails. Phishing e-mail messages are very common. There are so many ways malicious users can attempt to trick people into clicking on buttons or downloading and opening file attachments. Onscreen, you’ll view an example that appears to be from Home Depot. However, you’ll see one of the first things you’ll want to check is the e-mail address.
- 6m 7s: In this video, you’ll learn about performing a Quantitative Risk Analysis. This asks how much it will cost if negative incidents occur, and how much it will cost to mitigate the impact. You’ll learn how that's determined. You’ll learn about analyzing risks related to assets and activities. Quantitative implies you're talking about numerical data. This includes questions such as how much an asset is worth and how much it would cost if your site is down for six hours.
- 5m 17s: In this video, you’ll learn about Qualitative Risk Analysis. You’ll learn this is about prioritizing risk, based on the likelihood of a risk occurring and the impact it could have on assets. Then, you’ll learn what Key Risk Indicators or KRIs are. Qualitative Risk Analysis is a big-picture way of assessing risk without using specific numbers. These procedures do not calculate the cost of risk mitigations.
- 4m 12s: In this video, you’ll learn that managing risk means understanding security objectives and related security controls. First, you’ll look at some examples of security objectives. These include preventing malware infections, limiting network access, and preventing data exfiltration, which means preventing sensitive data from leaving the organization and being made available to unauthorized parties.
- 5m 48s: In this video, you’ll learn about insider threats. While it's always important to consider external threats outside of the organization, attention must also be given to insider threats. This includes employees of the organization, contractors, and even cleaning staff. You will need to do a periodic access review for those in your organization to make sure they have been given access to facilities and to network resources as required by their job roles.
- 5m 19s: In this video, you’ll learn about third-party dependencies. Every organization has some kind of supply chain. Organizations depend on something they did not build themselves. This makes supply chain management very important. Part of the supply chain would be equipment and the vendors that manufacture and provide that equipment. You depend on that hardware being stable and secure and firmware updates being made available.
- 6m 54s: In this video, you’ll learn about threat intelligence. Threat intelligence is all about keeping up with the latest threats. Using threat intelligence sources results in intelligent risk management. You can craft effective incident response plans for when negative incidents occur. It also helps harden your environment against the most current known threats.
- 1m 12s: In this video, you’ll summarize what you’ve learned in this course. You’ve learned about risk management and risk assessment frameworks and how to deal with risk, including physical risks, supply chain, and human resource risks. You also learned how to calculate risk mitigations and how to use various sources of threat intelligence. You explored risk assessments and risk management frameworks, threat actors and physical risks, social engineering, and human resources risk mitigation.
EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE
Skillsoft is providing you the opportunity to earn a digital badge upon successful completion of some of our courses, which can be shared on any social network or business platform.
Digital badges are yours to keep, forever.