Assessing Information Security Risk

Assessing Information Security Risk Using NIST SP 800-30r1

Overview

• A practical understanding of conducting a comprehensive risk assessment following NIST SP 800-30 guidelines
• Foundations of assessing information security risk
• Preparation for an information security risk assessment
• Conducting an information security risk assessment
• Communicating and sharing the results of an information security risk assessment
• How to maintain an information security risk assessment
• How to align an information security risk assessment with business objectives
• How to produce an information security risk assessment report to present to senior management
• How to develop, organize and structure an assessment team

Chief Information Security Officers (CISOs), Risk Assessment Managers, Security Analysts, Compliance Officers, IT Operations Managers, Incident Response Team Leads, Third-Party Risk Managers

Basic Understanding of Information Security Concepts, Familiarity with Risk Management Frameworks, Experience in IT or Security Roles, Basic Technical Skills, Awareness of Organizational Policies and Procedures

In this course we take a deep dive into the risk assessment component of the risk management process as it relates to information security.

This course focuses on a practical approach to the risk assessment component of risk management—providing a step-by-step process for organizations on: (i) how to prepare for risk assessments; (ii) how to conduct the risk assessments; (iii) how to communicate risk assessment results to key organizational personnel; and (iv) how to maintain the risk assessments over time.

Risk assessments are not simply one-time activities that provide permanent and definitive information for decision makers to guide and inform responses to information security risks. Rather, organizations employ risk assessments on an ongoing basis throughout the system development life cycle and across all of the tiers in the risk management hierarchy, and that is the practice this course aims to teach.

This course is broken down as follows:

  1. SECTION-1: FOUNDATION

    • Intro to KEY RISK CONCEPTS

      1- What does it mean to assess information security risks?

      2a- Why is it necessary, and what role does this process play in keeping an organization's business, people, processes, technology and data secure?

      2b- Risk assessments can support a wide variety of risk-based decisions and activities

  2. SECTION-2: CONDUCTING THE RISK ASSESSMENT

    • Intro to the case scenario and its requirements

    • The approach to addressing the case

    • 1-PREPARATION PHASE

    • 2-CONDUCTING THE RISK ASSESSMENT PHASE

    • 3-COMMUNICATING AND SHARING RISK ASSESSMENT INFORMATION PHASE

    • 4-MAINTAINING THE RISK ASSESSMENT PHASE

    • 5-PRODUCING THE FINAL REPORT: Risk Assessment Report for FinSecure, Inc.

    Delve into this course to see the other wonderful resources presented in the following sections.

  3. SECTION-3:

  4. SECTION-4:

  5. SECTION-5:


Richea Perry

I am Richea Perry, an experienced IT & Information Security Professional. Over the past 19 years, I've worked with businesses and organizations in the Petroleum, Education & Hospitality Industries on developing and implementing their Cybersecurity & GRC Programs, which help them in their efforts to operate securely considering the many cyber risks. Some of my acquired skills are attributed to training that I have received in, but not limited to, the following certification domains:

Diploma in Teacher Education (Advanced Level)

BSc. Information Technology

OCEG-GRCP, GRCA, IPMP

ISO 27001 LA/LI

CISSP- Certified Information Systems Security Professional (Cert Prep Training)

CRISC-Certified in Risk and Information Security Control (Cert Prep Training)

CISA-Certified Information Systems Auditor (Cert Prep Training)

CISM-Certified Information Systems Manager (Cert Prep Training)

ISSEP- Information Systems Security Engineer Professional (Cert Prep Training)

Cloud Security