Risk Management

The process of managing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system, and includes:

(i) the conduct of a risk assessment;

(ii) the implementation of a risk mitigation strategy; and

(iii) employment of techniques and procedures for the continuous monitoring of the security state of the information system.

See FIPS 200 under Risk Management for detailed information.

The program and supporting processes to manage information security risk to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, and includes:

(i) establishing the context for risk-related activities;

(ii) assessing risk;

(iii) responding to risk once determined; and

(iv) monitoring risk over time.

See the following under Risk Management for detailed information:
NIST SP 800-39.
NIST SP 800-12 Rev. 1.
NIST SP 800-128.
NIST SP 800-137 FIPS 200.
NIST SP 800-161.
NIST SP 800-30 Rev. 1.
NIST SP 800-39.
NIST SP 800-53 Rev. 4.
NISTIR 7621 Rev. 1 NIST SP 800-53 Rev. 4.

The process of managing risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system. It includes risk assessment; cost-benefit analysis; the selection, implementation, and assessment of security controls; and the formal authorization to operate the system. The process considers effectiveness, efficiency, and constraints due to laws, directives, policies, or regulations.

See the following under Risk Management for detailed information:
NIST SP 800-18 Rev. 1 NIST SP 800-30.
NIST SP 800-34 Rev. 1 NIST SP 800-53.

The on-going process of assessing the risk to IT resources andinformation, as part of a risk-based approach used to determine adequate security for a system, by analyzing the threats and vulnerabilities and selecting appropriate cost-effective controls to achieve and maintain an acceptable level of risk.

See NIST SP 800-16 under Risk Management for detailed information.

The total process of identifying, controlling, and eliminating or minimizing uncertain events that may adversely affect system resources. It includes risk analysis, cost benefit analysis, selection, implementation and test, security evaluation of safeguards, and overall security review.

See NISTIR 4734 under Risk Management for detailed information.

An ISCM capability that focuses on reducing the successful exploits of the other non-meta capabilities that occur because the risk management process fails to correctly identify and prioritize actions and investments needed to lower the risk profile.

See NISTIR 8011 Vol. 1 under Capability, Manage and Assess Risk for detailed information.

The process of identifying, assessing, and responding to risk.

See the following under Risk Management for detailed information:
NIST Cybersecurity Framework Version 1.1.
NIST Privacy Framework Version 1.0.

Are you ready to become Security+ certified?

SY0-601 Study PackageHere's what you'll getWhat people are saying

Pass the first time with quality practice test questions, performance-based questions, flashcards, and audio.

Get an online study package that helps you:

Study using multiple materials online
Use them to complement Darril Gibson’s CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide book or any other study guide you’re using
Ensure you’re ready for the exam no matter what study guide you’re using

SY0-601 Full Study Package is available here.

Package includes hundreds of multiple-choice practice test questions, performance-based questions, audio, and flashcards.

Over 385 Realistic SY0-601 Security+ Practice Test Questions

All questions include explanations so you’ll know why the correct answers are correct, and why the incorrect answers are incorrect. These questions are derived from and organized by chapters in the CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide. See a demo here.

Extra Test Bank of Practice Test Questions

Questions are added occasionally. You can see what has been added recently here.

Performance-based Questions

Performance-based questions including at least 10 questions. These questions show you what you can expect in the live exam. They include drag and drop, matching, sorting, and fill in the blank questions.

Online Flashcard Set

771 Online Security+ Glossary Flashcards
255 Online Security+ Acronyms Flashcards
217 Online Security+ Remember This Slide from the popular CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide

Check out the demo here.

Audio – SY0-601 Security+ Remember This Audio Files

Learn by Listening.

Over one hour of audio repeating the Remember This blocks from the popular CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. (MP3 downloads.)

Audio – SY0-601 Security+ Question and Answer Audio Files

Learn by Listening.

Over five hours of audio repeating questions and answers from the 11 chapters in the popular CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. (MP3 downloads.)

Bonus #1
The same set of questions organized by domain including questions in the CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide plus extra practice test questions.

Bonus #2
Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. Over one hour and 45 minutes of additional audio.

Bonus #3
Access to all of the online content that is available for free to anyone that purchases the CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide. This includes labs, extra practice test questions, and supplementary materials.

Bonus #4
Extended access. Access the study materials for a total of 60 days because sometimes life happens

Bonus #5
10% off Voucher. Access to a coupon code that will give you 10% off your exam voucher. At the current price of $370 USD for the Security+ voucher, this can save you $37.

Get the SY0-601 Full Study Package here.

“I re-took it at an in-person testing center, and due to NOT being
constantly distracted by a paranoid schizophrenic proctor, I was able to pass the thing.

Your textbook was instrumental in achieving that, couldn’t have done it without your work. Thank you.”

“I just wanted to say thank you for providing your knowledge via your textbook geared towards passing the Security+ (SY0-601). I just passed my exam on the first try!

Thanks again.”

“Today I took and passed my SY0-601 Exam.

Score 771/900

This is my 4rth COMPTIA exam and I nearly had the same score on each test. Roughly on each test I got 85%.

I have used your web services/books for A+, Network+ and Security+
“

“I wish to inform you that I passed the sec plus certification (sy0-501)on my second attempt. Your material was very useful and it constituted 80% of the material I used in preparing for the exam.”