Risk Management NIST Approach (RISK-102)
This is a closed class. It requires a contract. On-site for 22 people.
Days: 5 Days Labs: Yes –Local Cyber Range
Type of Course: Advanced Security / Managerial
Prerequisites: Introduction to Cyber Security or 3 years managing cyber security
About this course: Risk Management focuses on overseeing, evaluating, and supporting the documentation, validation, and sign-off processes necessary to assure that new IT systems meet the organization’s information assurance and security requirements. Provides a broad introduction to organizational information systems security risk management concepts and information assurance best practices, approached from the perspective of aligning organizational mission and risk management postures with key information technology cybersecurity processes and best practice information security cyber defense techniques.
Goals: Appropriate treatment of risk, compliance, and assurance from internal and external perspectives. This course will have a subsection on the CRISC exam.
Topics: Security architecture concepts, system and information classification management, system diagnostic tools, technology supply chain risk management, cryptography requirements, and system testing, evaluation and remediation processes.
Methods of instruction: There are 8 different possible exercises that can be used in a module. Some examples include: threats and controls, case studies, risk analysis practice, and reading review. Technical labs will require basic skills in operating systems and virtualization. As soon as students become too comfortable, the instructor will switch methods.