Overview
Learning Outcomes:
In this module, you will complete the following exercises:
- Exercise 1 – Risk Types and Risk Management Strategies
- Exercise 2 – Risk Analysis
- Exercise 3 – Disasters and Business Impact Analysis
- Exercise 4 – Personnel Controls
- Exercise 5 – Third-Party Risk Management
- Exercise 6 – Data Management
- Exercise 7 – Credential Policies
- Exercise 8 – Organizational Policies
After completing this module, you should have further knowledge of:
- The Process of Identifying and Assessing Risk
- Handling Risks
- Risk Analysis
- Quantitative vs. Qualitative Risk Analysis
- Business Continuity and Disasters
- Acceptable Use Policy (AUP)
- Job Rotation
- Mandatory Vacation
- Separation of Duties
- Least Privilege
- Clean Desk Space
- Background Checks
- Non-disclosure Agreement (NDA)
- Social Media Analysis
- Onboarding
- Offboarding
- User Training
- Diversity of Training Techniques
- Vendors
- Supply Chain
- Business Partners
- Service Level Agreement (SLA)
- Memorandum of Understanding (MoU)
- Measurement Systems Analysis (MSA)
- Business Partnership Agreement (BPA)
- End-of-Life (EOL)
- End of Service (EOS)
- Non-disclosure Agreement (NDA)
- Classification
- Governance
- Retention
- Personnel
- Third-party
- Devices
- Service Accounts
- Administrator/Root Accounts
- Change Management
- Change Control
- Asset Management
Exam Objectives:
The following exam objectives are covered in this lab:
5.3 Explain the importance of policies to organizational security.
- Personnel
- Diversity of Training Techniques
- Third-party Risk Management
- Data
- Credential Policies
- Organizational Policies
5.4 Summarize risk management processes and concepts.
Note: Our main focus is to cover the practical, hands-on aspects of the exam objectives. We recommend referring to course material or a search engine to research theoretical topics in more detail.