Risk Management

Read this page and watch the video to learn more about the purpose of risk management and the four stages of the risk management process. Before you move on, make sure you have a good understanding of the formulas, and that you are able to use the formulas on this page to calculate single loss expectancy (SLE), annual rate of occurrence (ARO), and annual loss expectancy (ALE).

Instruction

Security Control Selection Principles

The total cost of a control includes the following:

  1. Selection

  2. Construction and replacement

  3. Acquisition (materials and mechanisms)

  4. Maintenance and testing

  5. Non-trivial operating cost

  6. Potential side effects

  7. Environmental modifications

  8. Impact on operations

Read the article, Critical Security Controls for Effective Cyber Defense, which lists the top twenty security controls as derived from the most common attack patterns.
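The following added example (not part of the original course page) ties the cost components listed above to the SLE, ARO, and ALE formulas by comparing what a control costs per year with the loss it is expected to prevent. It assumes the standard definitions SLE = asset value x exposure factor and ALE = SLE x ARO, spreads one-time costs evenly over the control's lifetime, and uses constructed figures and hypothetical control names.

```python
from dataclasses import dataclass

# Standard quantitative risk definitions, assumed here:
#   SLE = asset value * exposure factor (EF, between 0 and 1)
#   ALE = SLE * ARO (expected occurrences per year)
def sle(asset_value, ef):
    if not 0.0 <= ef <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    return asset_value * ef

def ale(asset_value, ef, aro):
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return sle(asset_value, ef) * aro

@dataclass
class Control:
    name: str
    one_time: dict       # e.g. selection, acquisition, construction
    recurring: dict      # per year, e.g. maintenance and testing, operating cost
    lifetime_years: int
    ef_after: float      # exposure factor once the control is in place
    aro_after: float     # rate of occurrence once the control is in place

    def annual_cost(self):
        # Assumption: one-time costs are spread evenly over the lifetime.
        upfront = sum(self.one_time.values()) / self.lifetime_years
        return upfront + sum(self.recurring.values())

def net_benefit(asset_value, ef, aro, control):
    # ALE before the control, minus ALE after it, minus its annual cost.
    after = ale(asset_value, control.ef_after, control.aro_after)
    return ale(asset_value, ef, aro) - after - control.annual_cost()

def rank_controls(asset_value, ef, aro, controls):
    scored = ((net_benefit(asset_value, ef, aro, c), c.name) for c in controls)
    return sorted(scored, reverse=True)

# Constructed sample figures; control names are hypothetical.
ASSET, EF, ARO = 400_000, 0.5, 0.5
CONTROLS = [
    Control("offsite backups",
            {"selection": 2_000, "acquisition": 18_000, "environmental modifications": 4_000},
            {"maintenance and testing": 5_000, "operating cost": 3_000, "impact on operations": 2_000},
            4, 0.125, 0.5),
    Control("redundant site",
            {"selection": 5_000, "construction": 150_000, "acquisition": 80_000, "environmental modifications": 5_000},
            {"maintenance and testing": 20_000, "operating cost": 15_000},
            4, 0.0625, 0.25),
]

if __name__ == "__main__":
    for benefit, name in rank_controls(ASSET, EF, ARO, CONTROLS):
        print(f"{name}: net annual benefit {benefit:,.0f}")
```

A negative result, as for the second control, means the control costs more per year than the loss it is expected to prevent.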