Risk management Course
1 hour, 20 minutes
Syllabus
Defining business risk
Video - 00:05:00
In this episode, you will learn about defining business risks.
Threat actors, part 1
Video - 00:05:00
In this episode, you will learn about threat actors and the CIA security triad.
Threat actors, part 2
Video - 00:02:00
The CIA security triad (confidentiality, integrity and availability) describes how solutions such as encryption, hashing, and data backups can address potential attack vectors that might be exploited by threat actors.
Threat intelligence
Video - 00:11:00
Threat intelligence refers to the wide variety of open-source intelligence (OSINT) and proprietary IT security sources that use standards such as STIX and TAXII for cybersecurity intelligence sharing.
Risk management concepts
Video - 00:07:00
A risk management framework helps to identify and manage risk and may be required for compliance with data privacy regulations. Organization security policies are often influenced by data privacy regulations.
Security controls
Video - 00:09:00
Various security standards such as PCI DSS and the Cloud Controls Matrix (CCM) define the types of security controls that should be used, and the type of attack vector determines whether managerial, operational, or technical controls should be deployed.
Risk assessments and treatments
Video - 00:06:00
Learn how to determine whether assets are adequately protected from threats, run periodic risk assessments on the threat landscape, and define the likelihood and impact of security incidents.
Quantitative risk assessments
Video - 00:07:00
Is the cost of a security control justified? A quantitative risk assessment uses various calculations against an asset to determine the maximum yearly spend for protecting that asset.
Qualitative risk assessments
Video - 00:04:00
The same risk can have a different impact on different organizations. Qualitative risk assessments use subjective priority ratings for risks rather than dollar values.
Security and the information life cycle
Video - 00:09:00
Security must be applied to all phases of the information life cycle, from collection to its eventual archiving and deletion. Learn about data security techniques and laws that apply to data sovereignty.
Data destruction
Video - 00:06:00
Digital data resides on physical storage devices. Secure storage media disposal mechanisms, such as shredding, cryptographic erasure, degaussing, and disk wiping, must be put in place.
Chapter 1 exam question review
Video - 00:02:00
Threats are executed by a variety of different threat actors, each type having a different motivation. This episode presents a scenario where the correct type of threat actor must be selected.
Wiping disks with the dd command lab
Video - 00:06:00
When storage media has reached the end of its useful life, data must be wiped from it in a secure manner, which can include using built-in operating system tools.
Chapter 1 Ask Me Anything (AMA)
Video - 00:02:00
The use of social media platforms has skyrocketed in recent years. Organizations must take the appropriate steps to ensure that sensitive data is not leaked through this mechanism.
Plans & pricing
Infosec Skills Personal
$299 / year
- 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
- 100s of hands-on labs in cloud-hosted cyber ranges
- Custom certification practice exams (e.g., CISSP, Security+)
- Skill assessments
- Infosec peer community support
Infosec Skills Teams
$799 per license / year
- Team administration and reporting
- Dedicated client success manager
- Single sign-on (SSO): Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
- Integrations via API: Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
- 190+ role-guided learning paths and assessments (e.g., Incident Response)
- 100s of hands-on labs in cloud-hosted cyber ranges
- Create and assign custom learning paths
- Custom certification practice exams (e.g., CISSP, CISA)
- Optional upgrade: Guarantee team certification with live boot camps