This course focuses on the fundamentals of risk management as applied to cybersecurity and privacy. The course covers the National Institute of Standards and Technology (NIST) Special Publication 800-37 R2 – Risk Management Framework for Information Systems and Organizations. The course lectures are supplemented with hands-on exercises to reinforce the learning process.
Learning Objectives
- Demonstrate knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- Demonstrate knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- Demonstrate knowledge of the Security Assessment and Authorization process.
- Demonstrate knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
- Demonstrate knowledge of Risk Management Framework (RMF) requirements.
- Demonstrate knowledge of Supply Chain Risk Management Practices (NIST SP 800-161).
- Demonstrate the ability to understand the basic concepts and issues related to cyber and its organizational impact.
- Demonstrate the ability to apply cybersecurity and privacy principles to organizational requirements and to legal and regulatory requirements with regard to incident handling.
Framework Connections
Specialty Areas
- Legal Advice and Advocacy
- Risk Management
- Vulnerability Assessment and Management
Feedback
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.