4.1. Conduct risk assessments and implement risk mitigation.

Risk identification is an essential part of an organization's security endeavor. Without performing a risk assessment and analysis, you won't know what problems your security policy needs to address. Computer systems and networks can never be completely secure. However, that fact shouldn't prevent you from securing your environment as much as possible. Using asset identification, risk assessment, threat identification, and vulnerability management focuses your security endeavors on those areas that pose the greatest threat to your assets.

NOTE

For more information on this topic, see Chapter 3 of the CompTIA Security+ Study Guide, 4th Edition (Sybex, November 2008).

4.1.1.

4.1.1.1. ...
