CISSP: Risk Management
Overview/Description
Risk management is an integral part of overall information systems security. In this course, you'll learn about personnel security best practices, risk management concepts, and risk analysis techniques. You'll also be introduced to threat modeling best practices, countermeasure selection, and implementing risk controls. Finally, this course covers risk monitoring and reporting best practices. This course is one of a series in the Skillsoft learning path that covers the objectives for the Certified Information Systems Security Professional (CISSP) exam.
Target Audience
Individuals interested in information systems security concepts, methodologies and best practices; candidates for the Certified Information Systems Security Professional (CISSP) exam
Prerequisites
None
Expected Duration (hours)
1.7
Lesson Objectives
CISSP: Risk Management
start the course
identify best security practices for screening employee candidates
identify best security practices for employment agreements and policies
identify best security practices for employment termination processes
identify best security control practices when partnering with vendors, consultants and contractors
identify best practices for establishing personnel security compliance policies
identify best practices for implementing personnel security policies
identify security threats and vulnerabilities
distinguish between qualitative, quantitative, and hybrid risk assessment strategies
identify options for assigning and accepting risk
select risk countermeasures
implement risk countermeasures and controls
distinguish between preventive, detective, and corrective risk control types
identify best practices for assessing risk controls
identify best practices for measuring and monitoring risk
specify the purpose of valuating assets
identify best practices for reporting risk management activities and findings
specify the purpose and best practices of continuous improvement as a result of risk management activities
identify appropriate risk frameworks
identify threats using threat modeling techniques
use threat trees to diagram potential attacks
identify best practices when performing a reduction analysis
distinguish between different technologies and processes that can be used to remediate threats
identify best practices for ensuring risk considerations are applied when outsourcing hardware, software and services
recognize third-party assessment and monitoring techniques for risk mitigation
identify best practices when establishing minimum security requirements for acquisition activities
use an SLA to define appropriate service-level requirements
specify appropriate information system training, education and awareness levels for an organization
identify best practices for conducting periodic reviews for content relevancy
select appropriate techniques for assessing risk and implementing risk remediation options
Course Number: sp_cisp_a02_it_enus
Expertise Level
Intermediate