Summary
This chapter covered the core elements of effective security governance and its crucial role in the management of an organization. This included an exploration of risk identification, assessment, and analysis, as well as a review of risk registers, risk tolerance, risk management strategies, and risk reporting. We also examined aspects of BIA such as RPO, RTO, MTBF, and MTTR, and how to calculate the annual loss expectancy.
The knowledge gained in this chapter will prepare you to answer any questions relating to Exam Objective 5.2 in your CompTIA Security+ certification exam.
The next chapter will be Chapter 25, Explain the processes associated with third-party risk assessment and management.