This course focuses on the fundamentals of Risk Management as applied to Cybersecurity and privacy. The course covers the National Institute of Standards and Technology (NIST) Special Publication 800-37 R2 – Risk Management Framework for Information Systems and Organizations. The course lectures are supplemented with hands-on exercises to reinforce the learning process.
- Demonstrate knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- Demonstrate knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- Demonstrate knowledge of the Security Assessment and Authorization process.
- Demonstrate knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
- Demonstrate knowledge of Risk Management Framework (RMF) requirements.
- Demonstrate knowledge of Supply Chain Risk Management Practices (NIST SP 800-161).
- Demonstrate the ability to understand the basic concepts and issues related to cyber and its organizational impact.
- Demonstrate the ability to apply cybersecurity and privacy principles to organizational requirements and to legal and regulatory requirements with regard to incident handling.
The materials within this course focus on the Knowledge, Skills, and Abilities (KSAs) identified within the Specialty Areas listed below.
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.