Risk Identification, Monitoring, and Analysis
This chapter includes questions from the following objectives:
• 3.1 Understand the risk management process
• 3.2 Perform security assessment activities
• 3.3 Operate and maintain monitoring systems (e.g., continuous monitoring)
• 3.4 Analyze monitoring results
This chapter contains a complete set of questions and answers regarding risk definition (threat sources, threat events, vulnerabilities, and threat intelligence); risk management (risk register, CVSS, RMF, and risk treatment); and risk assessment (threat modelling, vulnerability analysis, and risk assessment steps). In addition, it covers the operation and maintenance of monitoring systems (IDS/IPS, detection and prevention ...