Network+ Exam
Risk Management
October 29, 2025
- #network+
Risk Management
Threats
Vulnerabilities
combined for risk. When you're ready to go to bed, you lock the doors.
Threats: a burglar, or wind and rain.
Vulnerabilities: unlocked doors. Which ones you lock depends on the risk: if you're worried about a burglar, lock all of them; if you're worried about wind, maybe only lock the front door.
Risk Assessment - process that identifies potential risks in a situation.
Security Assessment - used to identify and assess the key security controls within an application, system, or network.
Threat Assessment - focused on identifying the different threats that are out there. The MITRE ATT&CK framework is an example.
Vulnerability Assessment - focused on identifying and quantifying vulnerabilities on a system.
Tools: Nessus, QualysGuard, OpenVAS.
Penetration Test - evaluates the security of an IT infrastructure by trying to safely exploit vulnerabilities.
Posture Assessment - used to assess the organization's attack surface.
Define mission-critical components.
Identify strengths, weaknesses, and security issues.
Strengthen your position and stay in control.
Business Risk Assessment - understand and identify potential risks to the business.
Process Assessment - disciplined examination of the processes used by an organization. Are you doing the right things, and doing them the right way? After the assessment, there may be some recommendations.
Vendor Assessment - assess a prospective vendor to determine if they can effectively meet the obligations and needs of the business.
Example: vendors were selling counterfeit Cisco devices, etc.
Threats, Vulnerabilities, and Risks
Core Concepts
- Threat: Potential danger. (Ex: burglar, storm, hacker).
- Vulnerability: Weakness that could be exploited. (Ex: unlocked door, unpatched server).
- Risk: Combination of threat + vulnerability.
- Ex: Burglar (threat) + unlocked door (vulnerability) = high risk.
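The "threat + vulnerability = risk" idea above, scored with likelihood and impact the way a risk assessment does, worked through in code. This is an added example written for these notes, not course material; the threats, the "doors", the 1-5 scales and the treatment thresholds are all constructed for illustration.

```python
"""Tiny risk register: threat x vulnerability -> risk, ranked by likelihood x impact.

Constructed example (not from the course): the 'doors' analogy from the notes,
scored on a 1-5 scale for threat likelihood and for impact if exploited.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    name: str
    likelihood: int          # 1 (rare) .. 5 (almost certain)


@dataclass(frozen=True)
class Vulnerability:
    name: str
    exposed_to: frozenset    # names of the threats that can exploit this weakness
    impact: int              # 1 (negligible) .. 5 (severe) if it is exploited


def risk_score(threat, vuln):
    """Risk only exists when a threat can actually exploit the vulnerability."""
    if threat.name not in vuln.exposed_to:
        return 0
    return threat.likelihood * vuln.impact


def risk_level(score):
    """Qualitative bands; the cut-offs are an assumption for this example."""
    if score >= 15:
        return "high"
    if score >= 8:
        return "medium"
    return "low" if score > 0 else "none"


def risk_register(threats, vulns):
    """Every (vulnerability, threat, score, level) pair with real risk, highest first."""
    rows = [(v.name, t.name, risk_score(t, v), risk_level(risk_score(t, v)))
            for v in vulns for t in threats if risk_score(t, v) > 0]
    return sorted(rows, key=lambda r: r[2], reverse=True)


def controls_to_apply(threats, vulns, minimum="medium"):
    """Which 'doors to lock': vulnerabilities whose risk reaches the treatment threshold."""
    order = {"none": 0, "low": 1, "medium": 2, "high": 3}
    return sorted({v for v, _, _, lvl in risk_register(threats, vulns)
                   if order[lvl] >= order[minimum]})


# Constructed sample: a burglar is likely, a storm less so; three unlocked doors.
BURGLAR, STORM = Threat("burglar", 4), Threat("storm", 2)
DOORS = [Vulnerability("front door unlocked", frozenset({"burglar", "storm"}), 5),
         Vulnerability("side door unlocked", frozenset({"burglar"}), 4),
         Vulnerability("shed door unlocked", frozenset({"burglar"}), 1)]
```

Running `controls_to_apply([BURGLAR, STORM], DOORS)` tells you to lock the front and side doors, while `controls_to_apply([STORM], DOORS)` returns only the front door, which is exactly the notes' point that the same vulnerabilities carry different risk depending on which threat you are worried about.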
Types of Assessments
1. Risk Assessment
- Identifies potential risks to systems, data, or business processes.
- Considers likelihood + impact.
- Example: Deciding which doors to lock based on weather or burglary concerns.
2. Security Assessment
- Broad review of security controls (application, system, or network).
- Goal: Identify access weaknesses and improve defenses.
3. Threat Assessment
- Focuses on external threats that could impact the org.
- Tools: MITRE ATT&CK framework.
4. Vulnerability Assessment
- Identifies and quantifies weaknesses in systems.
- Tools: Nessus, QualysGuard, OpenVAS.
- Goal: Catalog vulnerabilities without exploitation.
5. Penetration Test (Pentest)
- Active exploitation of vulnerabilities to test real-world impact.
- Safely simulates an attacker.
- Goes beyond vuln scan by attempting to exploit.
6. Posture Assessment
- Evaluates the organization’s overall attack surface.
- Defines mission-critical assets, strengths, and weaknesses.
- Helps determine readiness against attacks.
7. Business Risk Assessment
- Focuses on business operations and risks (financial, reputational, operational).
- Example: Counterfeit Cisco devices entering supply chain = business risk.
8. Process Assessment
- Examines whether the org’s processes are effective and efficient.
- After assessment → recommendations for improvement.
9. Vendor Assessment
- Evaluates vendors to ensure they can meet obligations and security needs.
- Example: Screening for counterfeit hardware suppliers.
✅ Exam Must-Knows
- Threat + Vulnerability = Risk.
- Vulnerability scan ≠ Penetration test (scan = find, pentest = exploit).
- Threat assessment = what could happen; Risk assessment = what’s the impact if it does.
- Common tools: Nessus, OpenVAS, Qualys.
⚡Memory Trick:
- TV → R: Threat + Vulnerability = Risk.
- Scan = Look, Pentest = Touch.