• Classroom
Course Description

In today's global economy, every organization has a mission. In this digital era, as organizations critically depend upon information technology (IT) systems to process their information for better support of their missions, risk management plays a critical role in protecting an organization's information assets, and therefore its mission, from IT-related risk.

An effective risk management process is an important component of a successful IT security program. The principal goal of an organization's risk management process should be to protect the organization and its ability to perform its mission, not just its IT assets. Therefore, the risk management process should not be treated primarily as a technical function carried out by the IT experts who operate and manage the IT system, but as an essential management function of the organization.

Risk is the net negative impact of the exercise of a vulnerability, considering both the probability and the impact of occurrence. Risk management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level.

This course provides an overview of the specific criteria, steps and actions necessary to implement and sustain a comprehensive Information Risk Management program.

Learning Objectives

  • Define and implement an information asset and data classification schema.
  • Document the relevant components of information ownership schema.
  • Identify threats, vulnerabilities and exposures to organizational data and information assets.
  • Address various risk methodologies and assess application to individual enterprise environments.
  • Explain and utilize risk assessment and analysis methodologies.
  • Select specific methods to determine sensitivity and criticality of information resources.
  • Assess information security controls and countermeasures and their effectiveness.
  • Develop risk mitigation strategies for critical organizational information resources.
  • Utilize gap and cost-benefit analyses as a means to analyze and mitigate risk to a level acceptable to management.
  • Utilize key risk indicators to identify and help mitigate risk.

Framework Connections

The materials within this course focus on the Knowledge, Skills, and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.