  • Classroom
  • Online, Instructor-Led
  • Online, Self-Paced
Course Description

The 3-day IS Risk Assessment course is designed to help students build a risk management platform that will address an organization's security concerns. In a growing number of companies, security has become the number one concern. In this 3-day workshop, students will focus on how developing and implementing a risk assessment process can increase the effectiveness of an organization's IS program.

This class is specifically designed around the NIST SP 800-30 Rev. 1, Guide for Conducting Risk Assessments.

Learning Objectives

  • Introduction to Risk Assessment and Management
    • The Risk Management Process
    • Steps of the Risk Assessment Process
    • Key Terms and Definitions
    • Risk Management Hierarchy
    • The Risk Management Framework
    • Publications Related to the RMF
    • Roles and Responsibilities
  • System Categorization
    • Initial Risk Assessment
    • Preparing the Risk Assessment
    • Qualitative Risk Analysis
    • Quantitative Risk Assessment
    • Risk Models
    • Conducting the Risk Assessment
    • Identify and Analyze Vulnerabilities
    • Determining Likelihood and Impact
    • Exercise: Selecting Appropriate Security Controls
    • Security Control Selection Process
    • Selecting and Tailoring the Security Control Baseline
    • Examining Security Controls, Enhancements, and Parameters
  • Implementation of Security Controls
    • Implementation Guidance
    • Reducing Risk through Common Controls
    • Exercise
  • Assessment of Security Controls
    • Risk Assessment Plans
    • Assessment Methodology
    • Security Assessment Reports
    • Authorization Recommendations
    • Updating Authorization Packages
  • Authorizing System Operation
    • Risk Tolerance
    • Risk-Based Decisions
    • Authorization Decisions
    • Security Authorization Package Artifacts and Guidance
  • Continuous Monitoring and Ongoing Authorizations
    • Continuous Monitoring Strategy
    • Security Impact Assessments
    • Annual Security Reviews
    • Ongoing Authorization
    • Updating the Risk Assessment
    • System Removal and Decommissioning
  • Putting It All Together
    • Continuous Monitoring Strategy
    • Risk Assessments in a Nut-Shell
    • Practical Exercise

Framework Connections