Course Overview

Risk Management is one of the most important areas of cybersecurity—and yet it’s one of the most overlooked areas by technicians and technical managers in the industry. This training program focuses on topics related to the security policy framework, risk mitigation strategies and controls, risk management approach, vendor risk management strategies, risk communication, and control options including procedures related to penetration testing and management reviews. The following are the highlights of the course:

• describe risk as it relates to information systems
• differentiate between threats, vulnerabilities, impacts, and risks
• describe the first step of the NIST risk management framework, categorizing risk
• differentiate between different risk responses such as accepting, avoiding, mitigating, sharing, or transferring risk
• describe characteristics of risk management concepts
• identify risk assessment characteristics and options
• describe options for risk treatment
• recognize some strategies of effective vendor risk management
• describe the concept of penetration testing
• describe the concept of management review procedures