CHAPTER 7

Risk, Response, and Recovery

In this chapter, you will learn about

•  The definition of risk, threat sources, threat events, and vulnerabilities

•  Primary methods of managing risk

•  The definition of residual risk

•  Risk assessment steps

•  Differences between quantitative and qualitative analysis

•  Steps in incident response

Defining Risk

The simple definition of risk is the probability or likelihood that a threat will exploit a vulnerability and cause a loss. A threat is any activity that can be a possible danger. A vulnerability is a weakness, and a loss represents a negative event for an organization. Figure 7-1 shows these components and their relationships with each other.

Figure 7-1    Components of risk

A common formula ...
