This course provides hands-on experience in assessing and managing risk associated with information systems. Students will investigate a wide range of related topics, including:
- Building asset-based threat profiles
- Identifying infrastructure vulnerabilities
- Conducting risk analysis
- Developing a mitigation strategy
The project for this course is a Cyber Security Risk Management Plan: Conducting a Risk Assessment and Building a Risk Management Plan. As you work through the course, you will develop the sections of the plan, working from the initial scoping of the plan, through discovering the potential threats and vulnerabilities, developing strategies to mitigate them, and finally accounting for the long-term maintenance of the plan in order to keep up with changing risks.
Course Learning Objectives
- Determine appropriate scope for risk management efforts based on the environment in which the program is being developed.
- Characterize an IT system to delineate the operational authorization boundaries and provide information essential to defining the risk.
- Identify potential threats and vulnerabilities for the chosen environment that could affect critical assets.
- Determine when threats and vulnerabilities actually constitute a risk and what the impact of that risk might be.
- Evaluate existing controls for managing risk.
- Recommend additional controls for managing risk.
- Evaluate risk management efforts and monitor for new and recurring risks.
- Develop a complete risk management plan for an organization.
The CISSP All-in-One Exam Guide is a required resource that you will use throughout this set of specialization courses for Cyber Security. It is listed as a required text in all Cyber Security courses. You only need to purchase it once, unless later editions of the guide are released as you pursue the specialization.