Identify the concepts of cybersecurity risk management.

Identification should include

• defining risk management as the process of identifying possible vulnerabilities and quantifying potential risk as it pertains to systems
• addressing risk management strategies, including but not limited to
• risk mitigation: reducing the likelihood of the risk
• risk transfer: transferring the risk to another company, such as an insurance firm
• risk avoidance: avoiding the possibility of the risk (e.g., not using a specific software program would avoid any known risks of that program)
• risk acceptance: understanding and accepting the risks associated with use of a system or feature.

Process/Skill Questions:

• How can periodic risk assessments identify physical security threats and vulnerabilities that may affect cybersecurity?
• Why do you need to identify published cybersecurity risk management standards, such as those issued by the National Institute of Standards and Technology (NIST) or the International Organization for Standardization (ISO)?
• What are the steps of the basic process for developing a security program?
• What are the benefits of developing and deploying a security program?