National CAE Designated Institution
  • Classroom
  • Online, Instructor-Led
Course Description

This course focuses on the fundamentals of risk management as applied to cybersecurity and privacy. The course covers the National Institute of Standards and Technology (NIST) Special Publication 800-37 R2 – Risk Management Framework for Information Systems and Organizations. The course lectures are supplemented with hands-on exercises to reinforce the learning process.

Learning Objectives


  • Demonstrate knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • Demonstrate knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • Demonstrate knowledge of the Security Assessment and Authorization process.
  • Demonstrate knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
  • Demonstrate knowledge of Risk Management Framework (RMF) requirements.
  • Demonstrate knowledge of Supply Chain Risk Management Practices (NIST SP 800-161).
  • Demonstrate the ability to understand the basic concepts and issues related to cyber and its organizational impact.
  • Demonstrate the ability to apply cybersecurity and privacy principles to organizational requirements and to legal and regulatory requirements with regard to incident handling.

Framework Connections