Managing Risk in IT Organizations is a foundational course to the program. Decisions with regards to information security need to be grounded in an understanding of the strategic value of systems and information. Identifying risk within the organization is not only important to identify priorities for resource allocation, it also provides a framework for analyzing situations. Using risk management strategies, security professionals will be able to determine appropriate defenses and responses to incidents.
Learning Objectives
- Evaluate a situation to clearly identify a risk and potential remediation of that risk
- Develop classifications of systems and information in order to determine priorities based on importance or sensitivity
- Identify information and system assets that could pose significant risk to the organization if they were lost or compromised
- Recommend strategies for mitigating risk to sensitive organization assets
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Vulnerability Assessment and Management
- Targets
- Threat Analysis
- Program/Project Management and Acquisition
- Strategic Planning and Policy
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.