CASP+ Cert Prep: 1 Risk Management

Prepare for domain 1 of the CompTIA Advanced Security Practitioner (CASP+) exam. Review topics to better understand risk management and its impact on leaders' decision-making.

Introduction

• Welcome
• What you should know
• About the exam
• Risk management fundamentals

1. Risk Mitigation Strategies and Controls (Obj. 1.3)

• The CIA triad
• Data security classification
• Stakeholders input into CIA decision making
• Access control categories
• Access control types
• The aggregate CIA score
• Extreme scenario and worst-case scenario planning
• Extreme scenario and worst-case scenario example
• System-specific risk analysis
• Risk determination
• Magnitude of impact
• Likelihood of threat
• Return on investment
• Total cost of ownership
• Risk management strategies
• Risk management process
• Continuous improvement and monitoring
• Business continuity planning (BCP)
• IT governance

2. Business and Industry Influences and Associated Security Risks (Obj. 1.1)

• Risk management of new products, technologies, and user behaviors
• Business models and strategies
• Partnerships
• Outsourcing
• Third-party outsourcing and security
• Cloud
• Acquisition or mergers and divestiture or demerger
• Integrating diverse industries
• Internal and external influences
• De-perimeterization

3. Security, Privacy Policies, and Procedures in Risk Management (Obj. 1.2)

• Changes and policy development
• Changes and process or procedure development
• Legal and regulatory compliance
• Risk assessment or Statement of Applicability
• Business Impact Analysis
• Interoperability Agreement and Interconnection Security Agreement
• Memorandum of Understanding
• Service Level Agreement and Operating Level agreement
• Non-Disclosure Agreement
• Business Partnership Agreement
• Master service agreement
• Privacy considerations
• Separation of duties
• Job rotation and mandatory vacations
• Least privilege
• Incident response
• Digital forensics
• Employment and termination procedures
• Continuous monitoring
• User training and awareness
• Auditing requirements and frequency

4. Measurements and Metrics in Risk Management (Obj. 1.4)

• Benchmarks and baselines
• Prototyping and multiple test solutions
• Cost benefit analysis
• Metrics collection and analysis
• Analyzing and interpreting trend data
• Reviewing security controls
• Reverse engineering and deconstructing security solutions
• Analyzing security solutions to meet your business' needs
• videos learned and after-action reports
• Solving difficult problems that have no right answer

Conclusion

• Next steps