This course will introduce participants to the tenets of information security and information privacy risk management, including information risk governance, metrics and management reporting; and common frameworks for identifying, treating, and managing risk. This course will describe how to develop a security program, draft policies, and conduct internal, external, and vendor risk assessments. Additionally, this course will address proactive security design and testing techniques to reduce downstream risk; security contract negotiations to reduce the potential for future liability; and standard operational processes businesses need to effectively manage ongoing risk. This course will also cover privacy program operations, including policies, privacy notices, and conducting privacy impact assessments/data protection impact assessments.
Learning Objectives
- Understand and use a variety of risk frameworks to build a cybersecurity program
- Draft a security process and create a security control framework to assess potential risks
- Determine when third-party assessments are required, and be able to conduct a third-party assessment
- Describe the role of external audits and assessments
- Articulate the role of privacy documents, including privacy policies, notices, and other disclosures
Framework Connections
Specialty Areas
- Program/Project Management and Acquisition
- Risk Management
Feedback
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.