LinkedIn and 3rd parties use essential and non-essential cookies to provide, secure, analyze and improve our Services, and to show you relevant ads (including professional and job ads) on and off LinkedIn. Learn more in our Cookie Policy.

Select Accept to consent or Reject to decline non-essential cookies for this use. You can update your choices at any time in your settings.

Start free trial Sign in

From the course: ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep

Unlock the full course today

Join today to access over 24,100 courses taught by industry experts.

Addressing risks

Addressing risks

From the course: ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep

Start my 1-month free trial Buy for my team

Addressing risks

“

- [Narrator] Finding risks is important, but not nearly as important as actually addressing those risks. Fortunately, risk management doesn't require an all or nothing approach. You have multiple options for how you can address risks. Before we dive into risk management techniques, though, I want to spend a moment on the concepts of vulnerability and risk. These two items are something used interchangeably, but be careful that you don't fall into that habit. A vulnerability is a weakness that if exploited could enable an attacker to do harm. When we use the term risk, though, it goes deeper than that. Risks take vulnerabilities into account and then add context to them. A risk includes a measurement of how likely an attack is to succeed, as well as a measurement of the potential damage that might result. Those measurements are crucial when it comes to prioritizing your actions and determining which risk management technique makes the most sense. The risk management option that most…

Contents