Chapter 1

Measuring and Weighing Risk

THE FOLLOWING COMPTIA SECURITY+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER:

2.1 Explain the importance of risk related concepts.

  • Control types: Technical; Management; Operational
  • False positives
  • False negatives
  • Importance of policies in reducing risk: privacy policy; acceptable use; security policy; mandatory vacations; job rotation; separation of duties; least privilege
  • Risk calculation: likelihood; ALE; impact; SLE; ARO; MTTR; MTTF; MTBF
  • Quantitative vs. qualitative
  • Vulnerabilities
  • Threat vectors
  • Probability/threat likelihood
  • Risk-avoidance, transference, acceptance, mitigation, and deterrence
  • Risks associated ...

From CompTIA Security+ Study Guide: SY0-401, 6th Edition.