National CAE Designated Institution
  • Classroom
  • Online, Instructor-Led
Course Description

This course focuses on the fundamentals of risk management as applied to cybersecurity and privacy. The course covers the National Institute of Standards and Technology (NIST) Special Publication 800-37 R2 – Risk Management Framework for Information Systems and Organizations. The course lectures are supplemented with hands-on exercises to reinforce the learning process.

Learning Objectives

  • Demonstrate knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • Demonstrate knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • Demonstrate knowledge of the Security Assessment and Authorization process.
  • Demonstrate knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
  • Demonstrate knowledge of Risk Management Framework (RMF) requirements.
  • Demonstrate knowledge of Supply Chain Risk Management Practices (NIST SP 800-161).
  • Demonstrate the ability to understand the basic concepts and issues related to cyber and its organizational impact.
  • Demonstrate the ability to apply cybersecurity and privacy principles to organizational, legal, and regulatory requirements with regard to incident handling.

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Legal Advice and Advocacy
  • Risk Management
  • Vulnerability Assessment and Management

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.