Before any organization can adequately implement the risk management framework they must understand how to determine and apply appropriate security requirements. Preparation requires a disciplined and structured set of activities in order to execute the framework at the appropriate risk management levels. This course provides Engineers, Software Architects, and Systems Analysts with context and priorities for managing security and privacy risk.
On successful completion of this course, learners should have the knowledge and skills to:
- Perform the preparation steps for using the NIST Risk Management Framework
- Identify personnel for risk management roles
- Determine the organization’s risk tolerance and risk management strategy
- Identify common controls and allocate them to organizational entities
- Prioritize mission or business focus from a security and privacy perspective
- Identify organizational assets which need protection
- Identify scopes of protection for assets and associated authorization boundaries
- Identify information types and associated regulatory compliance requirements for security and privacy
- Implement procedures to manage the information life cycle with respect to requirements for security and privacy
- Perform risk assessment at the system level to inform security and privacy requirements
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.