
CompTIA Sec+ SY0-401, Part 3 of 8: Risk Management [Deprecated/Replaced]

with expert Ryan Hendricks




Course at a glance

Included in these subscriptions:

  • Dev & IT Pro Video
  • Dev & IT Pro Power Pack

Release date 1/15/2016
Level Intermediate
Runtime 1h 42m
Closed captioning Included
Transcript Included
eBooks / courseware N/A
Hands-on labs N/A
Sample code N/A
Exams Included





Course description

In this course we will delve into the world of risk management. A security professional should be well versed in risk analysis and how to handle the risk the organization is exposed to. We will discuss the controls that can be implemented to reduce risk. Lastly, we will cover the best practices when it comes to risk management that are vital to an organization maintaining its business functions and processes. This course will cover the CompTIA Security+ objectives 2.1, 2.3, 2.8 and part of 2.7.

Prerequisites

This course assumes that the user has a working knowledge of networks and networking. Ideally, the user should hold the CompTIA Network+ certification, but equivalent networking experience can substitute for it.

Learning Paths

This course will help you prepare for the following certification and exam:
CompTIA Security+ Certification
SY0-401: CompTIA Security+

Meet the expert

Ryan Hendricks is an experienced instructor who teaches networking and security courses to IT professionals throughout the nation. He currently has the CompTIA Certified Technical Trainer (CTT+ Classroom) and the Cisco Certified Academy Instructor (CCAI) credentials. He holds certifications from (ISC)², EC-Council, CompTIA, and Cisco. When not on the podium instructing, he delves into IT books, always looking to learn more and keep up with the latest security topics.

Course outline



Risk Management

Analysis (33:20)
  • Introduction (00:27)
  • Asset (01:36)
  • Vulnerability (01:24)
  • Threat (01:10)
  • Risk (00:42)
  • Risk Calculation (01:45)
  • Quantitative Terms (02:23)
  • Quantitative Terms, Cont. (01:09)
  • Quantitative Example 1 (02:19)
  • Quantitative Example 2 (01:17)
  • Cost Benefit Analysis (01:08)
  • CBA Example (00:49)
  • CBA Example, Cont. (01:45)
  • Qualitative Terms (00:43)
  • Likelihood & Impact (01:13)
  • Risk Reduction (01:00)
  • Policies (00:43)
  • Policy Support (00:59)
  • Policy Example (02:25)
  • Privacy Policy (01:00)
  • Acceptable Use Policy (01:23)
  • Security Policy (02:27)
  • Mandatory Vacations (01:06)
  • Job Rotation (01:11)
  • Separation of Duties (00:14)
  • Least Privilege (00:28)
  • Summary (00:21)
Response (14:51)
  • Introduction (00:21)
  • Risk (00:50)
  • Risk Avoidance (01:51)
  • Risk Transference (02:21)
  • Risk Mitigation (01:18)
  • Risk Deterrence (00:48)
  • Risk Acceptance (01:16)
  • Risk Example (00:29)
  • Risk Example, Avoidance (00:41)
  • Risk Example, Transference (00:46)
  • Risk Example, Mitigation (02:20)
  • Risk Example, Acceptance (01:21)
  • Summary (00:21)
Controls (21:18)
  • Introduction (00:27)
  • Risk Mitigation (00:31)
  • Controls Types (01:24)
  • Directive Controls (01:17)
  • Preventative Controls (01:40)
  • Deterrent Controls (01:28)
  • Compensating Controls (01:19)
  • Detective Controls (01:12)
  • Corrective Controls (00:49)
  • Recovery Controls (00:59)
  • Risk Strategies (00:14)
  • Change Management (03:13)
  • Incident Management (01:05)
  • User Rights and Permissions (01:56)
  • Perform Routine Audits (00:48)
  • Data Loss or Theft (00:56)
  • Data Loss Prevention (01:29)
  • Summary (00:24)
Best Practices (32:54)
  • Introduction (00:23)
  • Business Continuity (00:32)
  • Business Impact Analysis (01:01)
  • Identify Critical Systems (00:48)
  • BIA Terminology (01:28)
  • BIA Terminology, Cont. (00:55)
  • Terminology Diagram (02:15)
  • Terminology Example (01:50)
  • BCP Testing (01:14)
  • Continuity of Operations (01:16)
  • IT Contingency Plan (01:02)
  • Succession Planning (01:15)
  • Single Point of Failure (01:20)
  • High Availability (02:58)
  • Redundancy (00:34)
  • Spares (00:40)
  • Fault Tolerance (00:27)
  • Component Failure (01:21)
  • RAID (00:25)
  • RAID 0 (01:26)
  • RAID 5 (00:41)
  • Clustering (00:44)
  • Servers (01:07)
  • Disaster Recovery (00:39)
  • Backups (00:46)
  • Backup Schedule (03:17)
  • Alternate Sites (01:55)
  • Summary (00:21)