Introduction
This chapter covers the second objective in Domain 5.0, Security Architecture, of the CompTIA Security+ exam.
In this chapter, we will look at the elements of effective security governance, investigate the different stages of risk management, from identification through risk assessment and analysis, and look at calculating loss using Single Loss Expectancy (SLE), Annualized Rate of Occurrence (ARO), and Annualized Loss Expectancy (ALE). In the final sections, we will consider the purpose of risk registers, risk tolerance, and risk management strategies, along with risk reporting and Business Impact Analysis (BIA).
Risk is the probability that an event will happen, but risk can also bring profit. For example, if you place a bet on roulette at a casino, then you could win money. However, it is more likely that risk will result in financial loss. Companies will adopt a risk management strategy to reduce the risk they are exposed to; however, they may not be able to eliminate...