(Risk): Conducting Information Security Risk Assessments

Conducted properly, information security risk assessments provide managers with the feedback needed to understand threats to corporate assets, determine vulnerabilities of current controls, and select appropriate safeguards. Performed incorrectly, they can provide the false sense of security that allows potential threats to develop into disastrous losses of proprietary information, capital, and corporate value.

Based on best practices and approaches detailed in, The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments, Second Edition this course gives you detailed instruction on how to conduct a risk assessment effectively and efficiently. Trusted to assess security for leading organizations (Hospitals, Universities, Retailers, Pharmaceuticals) and government agencies, including CIA, NSA, and NATO, Douglas Landoll unveils the little-known tips, tricks, and techniques used by savvy security professionals in the field. He details time-tested methods to help you,

This course covers all of the elements of conducting an information security risk assessment from the statement of work to the final report. Walking you through the process of conducting an effective security assessment, it provides the tools and up-to-date understanding you need to select the security measures best suited to your organization.

Course Overview

Overall Proficiency Level

3 - Advanced

Training Purpose

Functional Development

Management Development

Skill Development

Specific Audience

All

Delivery Method

Classroom

Online, Instructor-Led

Course Locations

Austin Training Center
1805 Rutherford Ln, Suite 100
Austin, TX 78754

NoVA Training Center
Tysons Corner, VA 22182

LA Training Center
Los Angeles, CA 90001

Course Location Map

Your Location
Providers
Courses
Course and Provider Quantity

Classroom
Online, Instructor-Led

Learning Objectives

At the completion of this course attendees will be able to:

Better negotiate the scope and rigor of security assessments
Effectively interface with security assessment teams
Effectively assess any security control (administrative, technical, or physical)
Gain an improved understanding of final report recommendations
Deliver insightful comments on draft reports

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Competency Areas

Work Roles

Feedback

If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.

Last Published Date: February 4, 2025