This course presents the concept of managing cyber risk from a technical perspective. An overview of cyber risk management opens the class, followed by foundational material on conducting a risk assessment, covering considerations such as threats, vulnerabilities, impacts, and likelihood. Various technical methods for conducting a risk assessment are presented, including vulnerability assessments and penetration tests, with a focus on continuous monitoring of security controls and how to assess those controls using the National Institute of Standards and Technology Special Publications 800-53 and 800-53A as a guide.
Understand key concepts and issues in risk management.
Survey multiple risk management frameworks.
Understand risk assessment and analysis methodologies.
Identify information security controls and countermeasures to mitigate risks to acceptable levels.
Understand concepts and methods of 'continuous monitoring'.
The materials within this course focus on the Knowledge, Skills, and Abilities (KSAs) identified within the Specialty Areas listed below.