From the course: ISC2 Certified Cloud Security Professional (CCSP) Cert Prep

Unlock this course with a free trial

Join today to access over 25,200 courses taught by industry experts.

Risk analysis

Risk analysis

- [Instructor] Welcome to this lesson on risk analysis. For this lesson, we're going to break the risk analysis down into three basic steps. The first one is identification. The next one is the analysis itself, and then finally we'll talk about some common cloud risks, starting with identification. The most important part of risk analysis is to first identify assets, and then tie those assets into critical business functions, and then identify possible disruptions. In order to do this, one of the most common methods is to select a standardized risk management framework, and some of those frameworks include ISO, IECs 31000 or NIST SP 800, TAC 37, or COBIT. These methodologies can guide the risk identification process for both assets and disruptions, and also offer generally libraries of common threats that can assist even those who are kind of new to risk assessment in applying a standardized risk measurement to the environment so that we can choose how to progress. So that progression…

Contents