CompTIA CASP+: Assessing & Managing Risk

CompTIA    |    Intermediate
  • 15 videos | 1h 25m 2s
  • Includes Assessment
  • Earns a Badge
Rating 4.7 of 277 users Rating 4.7 of 277 users (277)
Recognizing threats and managing risk are key to hardening an organization's security posture. In this course, you'll explore how to apply risk management frameworks to assess and mitigate risk, as well as how to identify threat actors and physical risks. Next, you'll learn how to mitigate risks related to human resources and social engineering techniques. You'll then move on to examine how to work with qualitative and quantitative risk analysis. Lastly, you'll learn about insider threats, supply chain dependencies, and sources of threat intelligence. This course is one of a collection of courses that prepares learners for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam.

WHAT YOU WILL LEARN

  • Discover the key concepts covered in this course
    Recognize factors that influence conducting a risk assessment as part of risk management
    Recognize how to apply risk management frameworks
    Identify various types of threat actors
    Recognize physical risks
    Take steps to minimize hr risks
    Recognize how deception techniques are used by attackers
    Analyze e-mail messages to identify phishing attempts
  • Perform a quantitative risk analysis
    Perform a qualitative risk analysis
    Correlate security solutions to security requirements
    Describe how it security must apply to internal networks
    Determine how to reduce the risk related to third-party dependency chains
    Identify multiple sources of threat intelligence
    Summarize the key concepts covered in this course

IN THIS COURSE

  • 1m 34s
    In this video, you’ll learn more about your instructor and this course. In this course, you’ll learn how to apply risk management frameworks to assess and mitigate risk, and how to identify threat actors and physical risks. Next, you’ll learn how to mitigate risks related to human resources and social engineering techniques. Then, you’ll discover qualitative and quantitative risk analysis. Finally, you’ll learn about insider threats, supply chain dependencies, and sources of threat intelligence. FREE ACCESS
  • 6m 41s
    In this video, you’ll learn more about risk management. You’ll see there are many different types of risks defined within the enterprise, such as strategic risk, environmental risk, market risk, credit risks, operational risks, and compliance risks. You’ll see all of these types of risks are supported by underlying IT services. The goal is to try to reduce the likelihood of a threat occurring. FREE ACCESS
  • Locked
    3.  Risk Management Frameworks
    7m 19s
    In this video, you’ll learn more about how a risk management framework integrates IT security and risk management into one formal type of framework. It allows users to strike a reasonable balance between realizing opportunities such as engaging in business activities or gains, versus minimizing any losses that might result from realized threats. You’ll always end up with some kind of residual risk. The first part of risk management is identifying assets. FREE ACCESS
  • Locked
    4.  Threat Actors
    7m
    In this video, you’ll learn more about threat actors. These are the entities responsible for security incidents such as malware infections, or DDoS attacks. This might even include other business competitors that don’t want to see your organization succeed. You’ll see the first thing you must do when it comes to security incidents is figure out who the attackers are and what they want. FREE ACCESS
  • Locked
    5.  Physical Risks
    7m 26s
    In this video, you’ll learn more about cybersecurity in terms of physical security. It’s important to remember that to use digital IT systems, there must be some physical equipment running somewhere that makes that possible. This means there are some inherent physical risks that can directly affect your use of digital IT systems. The first category of this is facility or building security. FREE ACCESS
  • Locked
    6.  Human Resources Risk Mitigation
    6m 24s
    In this video, you’ll learn that people are the most valuable resource of any organization. However, there’s risk depending on how human resources policies are structures. Here, you’ll learn more about human resources risk mitigation. While people are the most valuable asset to an organization and its success, people are also the weakest security link. FREE ACCESS
  • Locked
    7.  Social Engineering
    7m 30s
    In this video, you’ll learn that one threat organizations face today is social engineering. Social engineering is related to malicious users trying to trick or deceive victims. Normally the goal is to get the victim to disclose some kind of sensitive information, whether it's banking credentials or company trade secrets. You’ll learn there are many ways for malicious users to perpetuate these types of attacks. FREE ACCESS
  • Locked
    8.  Viewing Phishing E-mails
    6m 20s
    In this video, you’ll learn about phishing e-mails. Phishing email messages are very common. There are so many ways malicious users can attempt to trick people into clicking on buttons or downloading and opening file attachments. Onscreen, you’ll view an example that appears to be from Home Depot. However, you’ll see one of the first things you’ll want to check is the e-mail address. FREE ACCESS
  • Locked
    9.  Quantitative Risk Analysis
    6m 7s
    In this video, you’ll learn about performing a Quantitative Risk Analysis. This means, how much will it cost if negative incidents occur? How much will it cost to mitigate the impact? You’ll learn how that's determined. You’ll learn about analyzing risks related to assets and activities. Quantitative implies you're talking about numerical data. This includes, how much is an asset worth? How much would it cost if your site is down for six hours? FREE ACCESS
  • Locked
    10.  Qualitative Risk Analysis
    5m 17s
    In this video, you’ll learn about Qualitative Risk Analysis. You’ll learn this is about prioritizing risk. This is the likelihood of a risk occurring and the impact it could have against assets. Then, you’ll learn what Key Risk Indicators or KRIs are. Qualitative Risk Analysis is a big-picture way of assessing risk without using specific numbers. These procedures do not calculate the cost of risk mitigations. FREE ACCESS
  • Locked
    11.  Security Objectives and Security Controls
    4m 12s
    In this video, you’ll learn that managing risk means understanding security objectives and related security controls. First, you’ll look at some examples of security objectives. These include preventing malware infections, limiting network access, and preventing data exfiltration. This means preventing sensitive data from leaving the organization and being made available to unauthorized parties. FREE ACCESS
  • Locked
    12.  The Insider Threat
    5m 48s
    In this video, you’ll learn about insider threats. While it's always important to consider external threats outside of the organization, attention must also be given to insider threats as well. This includes employees of the organization, contractors, and even cleaning staff. You will need to do a periodic access review for those in your organization to make sure they have been given access to facilities and to network resources as required by their job roles. FREE ACCESS
  • Locked
    13.  Third-party Dependencies
    5m 19s
    In this video, you’ll learn about third-party dependencies. Every organization has some kind of supply chain. Organizations depend on something they did not build themselves. This makes supply chain management very important. Part of the supply chain would be equipment and the vendors that manufacture and provide that equipment. You depend on that hardware being stable and secure and firmware updates being made available. FREE ACCESS
  • Locked
    14.  Threat Intelligence
    6m 54s
    In this video, you’ll learn about threat intelligence. Threat intelligence is all about keeping up with the latest threats. Using threat intelligence sources results in intelligent risk management. You can craft effective incident response plans when negative incidents occur. It also helps harden your environment against the most current known threats. FREE ACCESS
  • Locked
    15.  Course Summary
    1m 12s
    In this video, you’ll summarize what you’ve learned in this course. You’ve learned about risk management and risk assessment frameworks and how to deal with risk, including physical risks, supply chain, and human resource risks. You also learned how to calculate risk mitigations and how to use various sources of threat intelligence. You explored risk assessments and risk management frameworks, threat actors and physical risks, social engineering, and human resources risk mitigation. FREE ACCESS

EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.

YOU MIGHT ALSO LIKE

Rating 4.4 of 5 users Rating 4.4 of 5 users (5)
Rating 4.6 of 219 users Rating 4.6 of 219 users (219)
Rating 4.6 of 383 users Rating 4.6 of 383 users (383)

PEOPLE WHO VIEWED THIS ALSO VIEWED THESE

Rating 4.1 of 39 users Rating 4.1 of 39 users (39)
Rating 4.4 of 36 users Rating 4.4 of 36 users (36)
Rating 4.2 of 107 users Rating 4.2 of 107 users (107)