THIS CHAPTER COVERS THE FOLLOWING SSCP EXAM OBJECTIVES:
- 3.1 Understand the risk management process
  - Risk visibility and reporting (e.g., risk register, sharing threat intelligence, Common Vulnerability Scoring System (CVSS))
  - Risk management concepts (e.g., impact assessments, threat modeling, Business Impact Analysis (BIA))
  - Risk management frameworks (e.g., ISO, NIST)
  - Risk treatment (e.g., accept, transfer, mitigate, avoid, recast)
- 3.2 Perform security assessment activities ...