1. Training
  2. Education & Training Catalog
  3. Texas A&M Engineering Extension Service
  4. Information Risk Management

Information Risk Management

This is an intermediate level course covering topics on information assets, identifying risks, and management processes highlighting best principles and practices. It will provide training on information risk-related tools and technologies (such as asset evaluation, business impact analysis, risk identification, risk quantification, risk response, security policies and compliance) for better understanding of potential threats and vulnerabilities in business online, and learning to adopt levels of security measures and best practices.

Course Overview

Overall Proficiency Level
2 - Intermediate
Course Catalog Number
AWR-177
Course Prerequisites

There are no prerequisites for this class. Students will need to have: 56K modem internet connection, Current browser (i.e., Internet Explorer 6 or higher, Firefox 2.0 or higher, or Safari 2 or higher), Adobe Acrobat Reader 7 or higher, Adobe Flash 9.0.45.0 or higher.
 

Training Purpose
Management Development
Specific Audience
All
Delivery Method
Online, Self-Paced
  • Online, Self-Paced

Learning Objectives

The student will demonstrate an understanding of:

  • The practice of risk management and describe how risk management practices are applied to information systems
  • Familiarity with common risk management frameworks and how they may be applied to information systems risk management
  • Common IT system components, their uses, and how they fit in the risk context process
  • Key assets usually found in an IT system and the procedures used to inventory those assets, identify risks and common hazards
  • Demonstrate the ability to apply risk and hazard frameworks to common cyber threats, as well as demonstrate mastery of the basic principles of information assurance
  • Will describe methods that can be used to identify the symptoms of risk; how project variables impact risk; of how to assign value, criticality, and impact to key IT assets; risk quantification, the quantitative and qualitative methods of risk quantification, hazard likelihood, asset vulnerability, risk impact, risk prioritization, and risk tolerance
  • ISO/IEC code of practice; demonstrate understanding of risk control mechanisms including methods for risk limitation, risk detection, risk recovery, and risk plan monitoring
  • How to use these risk control strategies and other cyber security controls within an organization; organizational security policies as well as compliance with industrial standards such as FISMA, COBIT, and PCI; and to communicate the basics of business continuity.

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Risk Management

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.

Feedback

If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.

Last Published Date: