Learning Outcomes:
- Understand the concepts of risk, risk response and mitigation
- Identify and protecting an organization from unacceptable losses
- Apply the NIST/ISO risk management processes
- Outlining the system security boundary
- Create a system security plan
- Identify security risk components
- Estimate the impact of compromises to confidentiality, integrity and availability
- Adopt the appropriate model for categorizing system risk
- Setting the stage for successful risk management
- Documenting risk assessment and management decisions
Indicative Module Content:
- Introduction to risk, risk management, risk mitigation
- System Security Plans (SSPs)
- Controls
- Risk and the system security boundary
- Identifying security risk components
- NIST/ISO risk management processes
- Risk impact: compromises to confidentiality, integrity and availability
- Models for categorizing system risk
- Documenting critical risk assessment and management
- Collecting on-going security metrics