This course presents a complete framework for the oversight, evaluation, mitigation, and monitoring of risks to information technology assets. Effective risk management requires a structured, organized approach that should identify high-value assets, describe their environment, analyze their vulnerabilities and threats, and assess the risks based on likelihood and impact of exploitation. Using a sound basis for risk assessment sets the foundation for risk mitigation and should be an integral part of any information security program.
- Governance Models
- Assessing Risk
- Risk Mitigation
- Risk Monitoring and Reporting
The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.