From the course: Advanced Threat Modeling and Risk Assessment in DevSecOps
Common risk assessment frameworks
- [Narrator] In this lesson, we'll break down some of the most important risk assessment frameworks that you will encounter in cybersecurity and DevSecOps environments: ISO 27005, NIST 800-30, and FAIR. First, to answer the question of why we use risk assessment frameworks in the first place: it is because risk assessment frameworks provide structured, repeatable ways to identify, analyze, and prioritize risks. Without a framework, risk management becomes subjective and inconsistent. Frameworks make sure that everyone, from developers to executives, is speaking the same language about risk. There are more than a few frameworks available to us, but I will focus on three, with ISO 27005 as the first on the list. I'm a little bit biased toward ISO standards, since I'm directly involved in implementations of the ISO 27000 family of standards that are focused on information security and cybersecurity. To be more specific, the aforementioned ISO 27005 helps with risk management…