The Security Risk Assessment Handbook

1

Introduction

  • The Role of the Chief Information Security Officer
  • Ensuring a Quality Information Security Risk Assessment
  • Security Risk Assessment
  • Related Activities
  • The Need for This Course
  • Who Is This Course For?
  • Exercises
  • Bibliography
2

Information Security Risk Assessment Basics

  • Phase 1: Project Definition
  • Phase 2: Project Preparation
  • Phase 3: Data Gathering
  • Phase 4: Risk Analysis
  • Phase 5: Risk Mitigation
  • Phase 6: Risk Reporting and Resolution
  • Exercises
  • Bibliography
3

Project Definition

  • Ensuring Project Success
  • Project Description
  • Exercises
  • Bibliography
4

Security Risk Assessment Preparation

  • Introduce the Team
  • Review Business Mission
  • Identify Critical Systems
  • Identify Asset Classes
  • Identifying Threats
  • Determine Expected Controls
  • Exercises
  • Bibliography
5

Data Gathering

  • SIDEBAR 5.1 Data Gathering: Tools versus Experience
  • Security Control Representation
  • Evidence Depth
  • The RIIOT Method of Data Gathering
  • Exercises
  • Bibliography
6

Administrative Data Gathering

  • Administrative Threats and Safeguards
  • The RIIOT Method: Administrative Data Gathering
  • Exercises
  • Bibliography
7

Technical Data Gathering

  • Technical Threats and Safeguards
  • The RIIOT Method: Technical Data Gathering
  • Exercises
  • Bibliography
8

Physical Data Gathering

  • SIDEBAR 8.1 Physical Security Assessments
  • Physical Threats and Safeguards
  • The RIIOT Method: Physical Data Gathering
  • Exercises
  • Bibliography
9

Security Risk Analysis

  • Obtaining Measurement Data for Security Risk Analysis
  • Qualitative Security Risk Analysis Techniques
  • Quantitative Security Risk Analysis Techniques
  • Summarizing Security Risk Analysis
  • Exercises
  • Bibliography
10

Security Risk Analysis Worked Examples

  • RIIOT FRAME
  • Exercises
11

Security Risk Mitigation

  • Defining Security Risk Appetite
  • Selecting Safeguards
  • Safeguard Solution Sets
  • Establishing Security Risk Parameters
  • Exercises
12

Security Risk Assessment Reporting

  • Cautions in Reporting
  • Pointers in Reporting
  • Report Structure
  • Document Review Methodology: Create the Report Using a Top-Down Approach
  • Assessment Brief
  • Action Plan
  • Exercises
  • Bibliography
13

Security Risk Assessment Project Management

  • Project Planning
  • Project Tracking
  • Taking Corrective Measures
  • Project Status Reporting
  • Project Conclusion and Wrap-Up
  • Exercises
  • Bibliography
14

Security Risk Assessment Approaches

  • Security Risk Assessment Methods
  • Security Risk Assessment Frameworks
  • Exercises
  • Bibliography