This course presents the concept of managing cyber risk from a technical perspective. An overview of cyber risk management opens the class, followed by foundational material on conducting a risk assessment, covering considerations such as threats, vulnerabilities, impacts, and likelihood. Various technical methods for conducting a risk assessment are presented, including vulnerability assessments and penetration tests, with a focus on continuous monitoring of security controls and how to assess those security controls using the National Institute of Standards and Technology Special Publications 800-53 and 800-53A as a guide.
- Understand key concepts and issues in risk management.
- Survey multiple risk management frameworks.
- Understand risk assessment and analysis methodologies.
- Identify information security controls and countermeasures to mitigate risks to acceptable levels.
- Understand concepts and methods of 'continuous monitoring'.