CHAPTER 3
Information Security Risk Assessment
This domain includes questions from the following topics:
• Benefits and outcomes of an information risk management program
• Developing a risk management strategy
• Risk assessment and risk management standards and frameworks
• The risk management life-cycle process
• Vulnerability and threat analysis
• Integrating risk management into an organization’s practices and culture
• The components of a risk assessment: asset value, vulnerabilities, threats, and probability and impact of occurrence
• Qualitative and quantitative risk analysis
• The risk register
• Risk management in other business processes
This chapter covers Certified Information Security Manager (CISM) Domain 2, “Information ...
Get CISM Certified Information Security Manager Practice Exams, Second Edition, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.