Free

Risk Management and Information Systems Control

In this Cybersecurity risk management course, students will come to understand the value of assets, learn to analyze threat potential, and identify cost-effective methods of mitigation. Best practices of risk management will also be covered.
1
10
M
Time
intermediate
difficulty
1
ceu/cpe

Course Content

Risk Management Introduction

1m

Risk Management in Information Technology
What is Risk?

4m

Risk Management in Information Technology
Terms in Cybersecurity

8m

Risk Management in Information Technology
What is Risk Management?

8m

Risk Management in Information Technology
Risk Assessment Process

6m

Risk Management in Information Technology
Qualitative Risk Assessment

5m

Risk Management in Information Technology
Quantitative Risk Assessment

7m

Risk Management in Information Technology
Risk Mitigation

5m

Risk Management in Information Technology
Risk Avoidance

6m

Risk Management in Information Technology
Risk Transference

5m

Risk Management in Information Technology
Risk Acceptance and Risk Rejection

7m

Risk Management in Information Technology
Course Review

7m

Risk Management in Information Technology
Course Description

In this cybersecurity risk management course, you will learn about cybersecurity and IT manager's roles to determine and establish risk assessments for projects. This will help you identify project risks when making business decisions. You will also learn terminologies used in Risk Management by executives and managers. Additionally, will learn how to apply these concepts in your environment (devices, applications, systems and projects).

This is not a class about operations on securing networks or devices. This is a class about providing the mindset needed to think about processes, procedures and controls regarding flow of information and determining risks and quantifying it for management to make decisions properly. Concepts such as assets, threats and vulnerabilities that establishes risk and the ways to measure it such as Qualitative and Quantitative Risk measurements.

You can then apply the knowledge from this course to design and request projects better as you are able to provide a better business case and justify budget as it pertains to the risk associated with the project. You can then provide and justify a preliminary risk analysis to assist in building a better business justification of a project.

We will discuss real world examples and white papers from other organizations and do an autopsy of such failures in establishing risk that led into outages or breach. We will also look into how management failed to establish and identify their risk accordingly.

Prerequisites for this Cybersecurity Risk Management Course

Basic understanding of network devices, systems and applications used by a business. Some basic understanding of business concepts such as ROI and budgets as well as some project experience.

Cybersecurity Risk Management Course Goals

By the end of this cybersecurity risk management course, students should be able to:

  • Understand concepts with regards to Risk Management
  • Understand concepts about establishing Information System Controls
  • Understand terminologies used in risk management
  • Be able to provide preliminary risk analysis
  • Be able to use qualitative and quantitative risk measuring techniques for providing risk calculations to management
  • What is Cybersecurity Risk Management?

    Risk management typically refers to the forecasting and evaluating of risks along with the identification of strategies and procedures that can be used to prevent or minimize their impact. Cybersecurity risk management is used to guide many IT decisions as these risks continue to create critical outcomes that negatively affect the overall health and performance of organizations.

    What Does this Cybersecurity Risk Management Training Entail?

    In this security risk management training, students will learn about the principles of risk management and the four key elements:

    * Risk Identification * Risk Assessment * Risk Response * Risk Monitoring

    Students will learn to identify cybersecurity related threats and vulnerabilities, to determine the risk level of those vulnerabilities, to define controls and safeguards, and to perform cost-benefit analysis or business impact analysis.

    The Risk Management Micro Certification prepares students to perform the four key elements, which is typically the primary responsibility of most information security professionals. Students will also learn best practices as they relate to cybersecurity risk management. These are skills that, once learned, will be immediately beneficial to the organizations that students work for.

    At the end of the training, there is a skill certification test that will assess the students’ grasp of risk management for cybersecurity. The total clock hours for the course is 5 hours and 20 minutes. Students will earn 4 CEU/CPE and a Risk Management Certificate of Completion when they finish the course.

    Who Should Take this Cybersecurity Risk Management Training?

    This security risk management training is ideal for IT managers, cybersecurity managers, and those IT professionals who aspire to be managers. However, as an introductory course, it’s also designed for anyone with a desire and willingness to learn about risk management in the cybersecurity and IT fields.

    Having basic knowledge of information security and information security management topics will be helpful for students, but it isn’t a prerequisite. The class will be facilitated using a step-by-step approach for performing a risk assessment no matter what their technical information security or management background is.

    Why is Security Risk Management Important?

    Cybersecurity is frequently considered to be an IT issue. However, when thought of in broader terms, it’s a strategic risk management issue that involves people, processes, technologies, policies, and intelligence. There are very clear benefits that organizations will enjoy when they adopt a risk management approach to cybersecurity:

    * Operational benefits – The right cybersecurity approach and compliance culture along with the right set of technologies allows organizations to reap the natural operational benefits that come with it, such as more robust policies and processes. * Strategic benefits – A risk management approach to cybersecurity in which all security team members are more aware of potential risk exposure across the organization creates a better security posture overall. That, in turn, will create a higher level of confidence in the investors and shareholders. * Financial benefits – The careful evaluation and mitigation of cybersecurity risks can ultimately lead to financial benefits in the form of reduced potential fines, prevention of losses due to cyberattacks, and the minimization of the financial impact in case of data breaches.

    If you are interested in risk management as it applies to cybersecurity, this security risk management training is the best place to start. It’s easy to enroll, just click on the Register button in the top right corner of this screen to begin.

    This course is part of a Career Path:
    No items found.

    Instructed by

    Instructor
    Robert Guana

    I am Robert Nathaniel Gauna. I currently work for a private financial institution based in Southern California and New Jersey. It is one of the largest private banks in the world and security is part of a highly regulated industry such as finance.

    I started as a developer for a startup that eventually became Jfax.com in the early 2000s. I wore many hats to support the QA and Dev labs, so I had to learn networking, databases and development. Part of it was exposure to information security which became a skill I learned to do as I had to create bastion web servers on the network facing the internet used by customers.

    Later on, I worked in a financial institution as a developer and lead engineer, ensuring patches and applying security policies as needed and securing the application and host servers since I understood how the OS interacts with how the application is launched and runs within the OS.

    Finally, leveraging my knowledge of working on different technologies and applications, I joined MUFG as a security analyst working on policy compliance, enforcing technical security standards and reporting on compliance as part of our regulatory requirements.

    While working on my CISSP, I believe developing lessons along the way will help me reinforce more of the concepts I have absorbed as well as being able to teach others who are in the same journey as I am. That’s why I jumped on the opportunity on teaching here in Cybrary as soon as it happened.

    Provider
    Cybrary Logo
    Certification Body
    Certificate of Completion

    Complete this entire course to earn a Risk Management and Information Systems Control Certificate of Completion