Chapter 3Risk Identification, Monitoring, and Analysis (Domain 3)
THE SSCP EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE:
- Domain 3.0: Risk Identification, Monitoring, and Analysis
- 3.1 Understand the risk management process
- Risk visibility and reporting (e.g., risk register, sharing threat intelligence/Indicators of Compromise (IOC), Common Vulnerability Scoring System (CVSS))
- Risk management concepts (e.g., impact assessments, threat modeling)
- Risk management frameworks (e.g., International Organization for Standardization (ISO), National Institute of Standards and Technology (NIST))
- Risk tolerance (e.g., appetite)
- Risk treatment (e.g., accept, transfer, mitigate, avoid, ignore)
- 3.2 Understand legal and regulatory concerns (e.g., jurisdiction, ...
- 3.1 Understand the risk management process
Get (ISC)2 SSCP Systems Security Certified Practitioner Official Practice Tests, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
