CHAPTER 3

Risk Identification, Monitoring, and Analysis

This chapter includes questions from the following objectives:

•    3.1 Understand the risk management process

•    3.2 Perform security assessment activities

•    3.3 Operate and maintain monitoring systems (e.g., continuous monitoring)

•    3.4 Analyze monitoring results

This chapter contains a complete set of questions and answers regarding risk definition (threat sources, threat events, vulnerabilities, and threat intelligence); risk management (risk register, CVSS, RMF, and risk treatment); and risk assessment (threat modelling, vulnerability analysis, and risk assessment steps). In addition, it refers to operation and maintenance of monitoring systems (IDS/IPS, detection and prevention ...
