IT Examiner School, Palm Springs, CA

Information Security - Risk Identification

• Threat - natural occurrence, technology or physical failure – Threat identification conducted in the risk assessment process • Vulnerabilities - a weakness in an information system, system security procedure, internal control, or implementation exploited by a threat source. • Supervision of Cybersecurity Risk and Resources for Cybersecurity Preparedness

Information Security - Risk Measurement

• Develop risk measurement processes that evaluate the inherent risks.

• Determine the risk associated with different threats.

• Measure the risks to guide recommendations for and use of mitigating controls.