CHAPTER 20

Security Concepts in Support of Organizational Risk Mitigation

This chapter includes questions on the following topics:

•  The importance of a business impact analysis

•  How to perform risk assessments to select effective controls

•  How to evaluate the effectiveness of security staff and controls

•  Important sources of supply chain risk

All of life is the management of risk, not its elimination.

–Walter Wriston

Risk mitigation involves taking steps to reduce adverse effects or the impact of cybersecurity risks that have been identified. Your involvement in this process as a cybersecurity analyst depends on your current role, experience, knowledge, and skills. At a minimum, work you perform likely contributes to the risk ...

Get CompTIA CySA+ Cybersecurity Analyst Certification Practice Exams (Exam CS0-002), 2nd Edition now with the O’Reilly learning platform.
