Risk Management and Information Systems Control

via Cybrary

Overview

In this cybersecurity risk management course, you will learn about cybersecurity and IT manager's roles to determine and establish risk assessments for projects. This will help you identify project risks when making business decisions. You will also learn terminologies used in Risk Management by executives and managers. Additionally, you will learn how to apply these concepts in your environment (devices, applications, systems, and projects).

This is not a class about operations on securing networks or devices. This is a class about providing the mindset needed to think about processes, procedures, and controls regarding the flow of information and determining risks and quantifying them for management to make decisions properly. Concepts such as assets, threats, and vulnerabilities that establish risk and the ways to measure it such as Qualitative and Quantitative Risk measurements.

You can then apply the knowledge from this course to design and request projects better as you are able to provide a better business case and justify budget as it pertains to the risk associated with the project. You can then provide and justify a preliminary risk analysis to assist in building a better business justification of a project.

We will discuss real-world examples and white papers from other organizations and do an autopsy of such failures in establishing risk that led to outages or breaches. We will also look into how management failed to establish and identify their risk accordingly.

Prerequisites for this Cybersecurity Risk Management Course

Basic understanding of network devices, systems, and applications used by a business. Some basic understanding of business concepts such as ROI and budgets as well as some project experience.

Cybersecurity Risk Management Course Goals

By the end of this cybersecurity risk management course, students should be able to:

Understand concepts regarding Risk Management
Understand concepts about establishing Information System Controls
Understand terminologies used in risk management
Provide preliminary risk analysis
Use qualitative and quantitative risk measuring techniques for providing risk calculations to management

What is Cybersecurity Risk Management?

Risk management typically refers to the forecasting and evaluating of risks along with the identification of strategies and procedures that can be used to prevent or minimize their impact. Cybersecurity risk management is used to guide many IT decisions as these risks continue to create critical outcomes that negatively affect the overall health and performance of organizations.

What Does this Cybersecurity Risk Management Training Entail?

In this security risk management training, students will learn about the principles of risk management and the four key elements:

Risk Identification
Risk Assessment
Risk Response
Risk Monitoring

Students will learn to identify cybersecurity-related threats and vulnerabilities, determine the risk level of those vulnerabilities, define controls and safeguards, and perform cost-benefit analysis or business impact analysis.

The Risk Management Micro Certification prepares students to perform the four key elements, which is typically the primary responsibility of most information security professionals. Students will also learn best practices as they relate to cybersecurity risk management. These skills, once learned, will be immediately beneficial to the organizations that students work for.

At the end of the training, there is a skill certification test that will assess the students’ grasp of risk management for cybersecurity. The total clock hours for the course are 5 hours and 20 minutes. Students will earn 4 CEU/CPE and a Risk Management Certificate of Completion when they finish the course.

Who Should Take this Cybersecurity Risk Management Training?

This security risk management training is ideal for IT managers, cybersecurity managers, and those IT professionals who aspire to be managers. However, as an introductory course, it’s also designed for anyone with a desire and willingness to learn about risk management in the cybersecurity and IT fields.

Having basic knowledge of information security and information security management topics will be helpful for students, but it isn’t a prerequisite. The class will be facilitated using a step-by-step approach for performing a risk assessment no matter what their technical information security or