Assessing Information Security Risk

In this course we take a deep dive into the risk assessment element or component of the risk management process as it relates to information security.

This course focuses on a practical approach to the risk assessment component of risk management—providing a step-by-step process for organizations on: (i) how to prepare for risk assessments; (ii) how to conduct the risk assessments; (iii) how to communicate risk assessment results to key organizational personnel; and (iv) how to maintain the risk assessments over time.

Risk assessments are not simply one-time activities that provide permanent and definitive information for decision makers to guide and inform responses to information security risks. Rather, organizations employ risk assessments on an ongoing basis throughout the system development life cycle and across all of the tiers in the risk management hierarchy and that is what we intend to achieve by doing this course.

This course is broken down as follows:

1. SECTION-1: FOUNDATION

   • Intro to KEY RISK CONCEPTS

     1- What does it mean to assess information security risks?

     2a- Why is it necessary and what roles does this process plays in keeping an organization’s, businesses, people, processes, technology and data secure?

     2b-Risk assessments can support a wide variety of risk-based decisions and activities

2. SECTION-2: CONDUCTING THE RISK ASSESSMENT

   • Intro to the case scenario and its requirements

   • The approach to addressing the case

   • 1-PREPARATION PHASE

   • 2-CONDUCTING THE RISK ASSESSMENT PHASE

   • 3-COMMUNICATING AND SHARING RISK ASSESSMENT INFORMATION PHASE

   • 4-MAINTAINING THE RISK ASSESSMENT PHASE

   • 5-PRODUCTING THE FINAL REPORT: Risk Assessment Report for FinSecure, Inc.

   Delve into this course to see the other wonderful resources presented in the following sections.

3. SECTION-3:

4. SECTION-4:

5. SECTION-5: