
System Source Learning Center
410-771-5544

Call us for more information and to schedule your classes.

IT Security Risk Management

Course description


Course Objectives:

The goal of Security Risk Management is to teach you practical techniques that will be used on a daily basis, while also explaining the fundamentals so you understand the rationale behind these practices. Security professionals often fall into the trap of telling the business that they need to fix something, but they can't explain why. This course will help you to break free from the so-called best practices argument by articulating risk exposures in business terms. You will learn techniques for how to perform risk assessments for new IT projects, how to efficiently manage daily risk activities, and how to qualify the current risk level for presentation to executive-level management. While other courses focus entirely on risk analysis methods, this is the first comprehensive guide for managing security risks.

 

  • Includes case studies to provide hands-on experience using risk assessment tools to calculate the costs and benefits of any security investment
  • Explores each phase of the risk management lifecycle, focusing on policies and assessment processes that should be used to properly assess and mitigate risk
  • Presents a roadmap for designing and implementing a security risk management program

 

Learn how to:

  • use a Security Risk Profile
  • use the Qualitative Risk Scale
  • use Architectural Risk Analysis
  • identify Threats and Vulnerabilities

 

 

1.0 Introduction

  • Seminar member introduction and overview of course material

 

2.0 The Security Evolution

  • Introduction
  • How We Got Here
  • A Risk-Focused Future
  • Information Security Fundamentals
  • The Death of Information Security

 

3.0 Risky Business

  • Introduction
  • Applying Risk Management to Information Security
  • Business-Driven Security Program
  • Security as an Investment
  • Qualitative versus Quantitative

 

4.0 The Risk Management Lifecycle

  • Introduction
  • Stages of the Risk Management Lifecycle
  • Business Impact Assessment
  • A Vulnerability Assessment Is Not a Risk Assessment
  • Making Risk Decisions
  • Mitigation Planning and Long-Term Strategy
  • Process Ownership

 

5.0 Risk Profiling

  • Introduction
  • How Risk Sensitivity is Measured
  • Asking the Right Questions
  • Assessing Risk Appetite

 

6.0 Formulating a Risk

  • Introduction
  • Breaking down a Risk
  • Who or What Is the Threat?

 

7.0 Risk Exposure Factors

  • Introduction
  • Qualitative Risk Measures
  • Risk Assessment

 

8.0 Security Controls and Services

  • Introduction
  • Fundamental Security Services
  • Recommended Controls

 

9.0 Risk Evaluation and Mitigation Strategies

  • Introduction
  • Risk Evaluation
  • Risk Mitigation Planning
  • Policy Exceptions and Risk Acceptance

 

10.0 Reports and Consulting

  • Introduction
  • Risk Management Artifacts
  • A Consultant's Perspective
  • Writing Audit Responses

 

11.0 Risk Management Techniques

  • Introduction
  • Operational Assessments
  • Project-Based Assessments
  • Third-Party Assessments

 

12.0 Threat and Vulnerability Management

  • Introduction
  • Building Blocks
  • Threat Identification
  • Advisories and Testing
  • An Efficient Workflow
  • The FAIR Approach

 

13.0 Security Risk Reviews

  • Introduction
  • Assessing the State of Compliance
  • Implementing a Process
  • Process Optimization: A Review of Key Points
  • The NIST Approach

 

14.0 A Blueprint for Security

  • Introduction
  • Risk in the Development Lifecycle
  • Security Architecture
  • Patterns and Baselines
  • Architectural Risk Analysis

 

15.0 Building a Program from Scratch

  • Introduction
  • Designing a Risk Program
  • Prerequisites for a Risk Management Program
  • Risk at the Enterprise Level
  • Linking the Program Components
  • Program Roadmap

 


Disclaimer: All course objectives and outlines are a guide for students. The course topics and order of presentation may be modified based upon the needs of each individual class.