CK Cyber 2 - LO1.3.A

To increase the value of assets

To evaluate the current level of risk and identify potential risk mitigation strategies

To eliminate all threats

To determine the profitability of the organization

A guaranteed loss to the organization

A threat that can leverage a vulnerability to cause damage

An opportunity for profit

A measure of asset value

Determine threats

Analyze risk

Determine assets within the scope and their value

Identify vulnerabilities

To increase the number of assets

To identify weaknesses that could be exploited by threats

To calculate the financial worth of the organization

To eliminate all risks

Determine vulnerabilities

Analyze risk

Determine threats

Determine asset value

Processes

Actions

Asset depreciation

Locations

Determine asset value

Analyze the risk posed by each vulnerability/threat

Determine threats

Identify vulnerabilities

To ensure all assets are insured

To prioritize which assets need more protection

To sell the assets at a higher price

To eliminate low-value assets

Only financial assets

The range of processes, actions, functions, assets, and locations for which risk is being evaluated

Only physical locations

Only digital data

Step 1

Step 2

Step 3

Step 4