• Online, Self-Paced
Course Description

Before any organization can adequately implement the risk management framework they must understand how to determine and apply appropriate security requirements. Preparation requires a disciplined and structured set of activities in order to execute the framework at the appropriate risk management levels. This course provides Engineers, Software Architects, and Systems Analysts with context and priorities for managing security and privacy risk.

Learning Objectives

On successful completion of this course, learners should have the knowledge and skills to:

  • Perform the preparation steps for using the NIST Risk Management Framework
  • Identify personnel for risk management roles
  • Determine the organization’s risk tolerance and risk management strategy
  • Identify common controls and allocate them to organizational entities
  • Prioritize mission or business focus from a security and privacy perspective
  • Identify organizational assets which need protection
  • Identify scopes of protection for assets and associated authorization boundaries
  • Identify information types and associated regulatory compliance requirements for security and privacy
  • Implement procedures to manage the information life cycle with respect to requirements for security and privacy
  • Perform risk assessment at the system level to inform security and privacy requirements

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.