Course 3 - Risk Identification, Monitoring and Analysis
This is the third course under the specialization SSCP In this course, we will explore how to manage the risks related to information systems. It is time to bring these ideas together in a context of continuous maturity modeling, measuring, and monitoring, which we will see is focused on the here and now. Risk alignment works best at the strategic, long-term level of planning; risk maturation, by contrast, can be most effective when considered in the day-to-day of business operations. This is sometimes called operationalizing the approach to risk management and maturation. Course 3 Learning Objectives After completing this course, the participant will be able to: - Identify common risks and vulnerabilities. - Describe risk management concepts. - Recognize risk management frameworks. - Provide examples of appropriate risk tolerance. - Provide examples of appropriate risk treatment. - Identify risks of noncompliance with laws and regulations. - Identify appropriate methods for risk management frameworks implementation. - Indicate the range and scope of risk review. - Identify the components of risk review. - Describe vulnerability assessment activities used to examine all aspects of network and system security. - Review the steps for monitoring, incident detection, and data loss prevention. - Classify the use of tools that collect information about the IT environment to better examine the organization’s security posture. - Identify events of interest to focus on those that may be part of an attack or intrusion. - Select methods for managing log files. - Describe tools and methods for analyzing the results of monitoring efforts. - Identify communication requirements when documenting and reporting the results of monitoring security platforms. Who Should Take This Course: Beginners Experience Required: No prior experience required