Domain 02: Information Risk Management and Compliance

Risk Management Overview
Types of Risk Analysis
The Importance of Risk Management
Risk Management Outcomes
Risk Management Strategy
Lesson 2: Good Information Security Risk Management
Context and Purpose
Scope and Charter
Other Risk Management Goals
Roles and Responsibilities
Lesson 3: Information Security Risk Management Concepts
Lesson 4: Implementing Risk Management
The Risk Management Framework
The External Environment
The Internal Environment
The Risk Management Context
Gap Analysis
Other Organizational Support
Lesson 5: Risk Assessment
NIST Risk Assessment Methodology
Aggregated or Cascading Risk
Other Risk Assessment Approaches
Identification of Risks
Vulnerabilities Part 1
Vulnerabilities Part 2
Analysis of Relevant Risks
Risk Analysis
Semi -Quantitative Analysis
Quantitative Analysis Example
Evaluation of Risks
Risk Treatment Options
Lesson 6: Controls Countermeasures
Residual Risk
Information Resource Valuation
Methods of Valuing Assets
Information Asset Classification
Determining Classification
Impact Part 1
Impact Part 2
Lesson 7: Recovery Time Objectives
Recovery Point Objectives
Service Delivery Objectives
Third-Party Service Providers
Working with Lifecycle Processes
IT System Development
Project Management Part 1
Project Management Part 2
Lesson 8: Risk Monitoring and Communication
Risk Monitoring and Communication
Other Communications
Section Review