Exam Objectives Fast Track

Risk Management Cycle

  • The risk management cycle is a process of identifying, assessing, planning, monitoring, and controlling elements and events that may have a negative impact on the company.

  • Vulnerabilities exist when there are weaknesses in a system, or when a safeguard to protect the system is lacking.

  • Validation of risk management processes may be performed either internally (by members of the company) or externally (by third parties who are designated or contracted to validate such changes).

Risks and Threats

  • Risks are the potential for loss, resulting from something that has a negative impact on project objectives or the company's ability to perform normal business functions.

  • Threats are the potential for an event or other source to use a particular vulnerability to cause damage. A threat is something that adversely affects the confidentiality, availability, or integrity of a project or business.

  • Risks and threats may come in a variety of forms, including disasters, social issues, unauthorized access, internal problems, hardware and software problems, or issues relating to the risk management process.

Risk Mitigation

  • Risk mitigation is the process of reducing risk to an acceptable level through controls and safeguards.

  • Safeguards are implemented to protect against a given threat, thereby lowering the potential damage that could be caused if the risk became an actual problem.

  • Risk mitigation options consist of assumption, avoidance, limitation, planning, research, and transference.

Disaster Recovery and Business Continuity Plans

  • Business continuity plans are a collection of different plans that focus on restoring the normal business functions of the entire business.

  • Disaster recovery plans provide procedures for recovering from a disaster after it occurs, and address how to return normal IT functions to the business.

  • Alternate sites are important to recovering from certain disasters. A hot site is fully functional, and allows normal business functions to resume almost immediately. A warm site is partially equipped, and requires some preparation. A cold site takes the most time to reestablish normal functionality, as it requires considerable work to set up and must be built from scratch.

Incident Investigation

  • Incidents are unexpected or unwanted events that can threaten security, and have the ability to adversely affect the confidentiality, availability, or integrity of systems, projects, or businesses. They can be accidental, deliberate, or environmental in nature.

  • Incident response policies provide information on how to handle various incidents. They include such information as who is responsible for certain tasks, and procedures to deal with specific problems.

  • Incident investigations can be broken down into six different steps: preparation, detection, containment, eradication, recovery, and follow up.

Computer Forensics

  • Computer forensics is the application of computer skills and investigation techniques for the purpose of acquiring evidence.

  • Computer forensics has four basic components: evidence must be collected, examined, preserved, and presented. The tasks involved in forensics will either fall into one of these groups or be performed across most or all of them.

  • Copies of data should be made on media that is forensically sterile. This means that the disk has no other data on it, and has no viruses or defects.



SSCP Systems Security Certified Practitioner Study Guide
SSCP Study Guide and DVD Training System
ISBN: 1931836809
EAN: 2147483647
Year: 2003
Pages: 135
