Managing Risk in Information Systems

(MG-RISK-INFO-MGMT.AG1)

Skills You’ll Get

1

Preface

  • Purpose of This Course
  • Learning Features
  • Audience
  • New to This Edition
2

Risk Management Fundamentals

  • What Is Risk?
  • Classify Business Risks
  • Risk Identification Techniques
  • Risk Management Process
  • Risk-Handling Strategies
  • Summary
3

Managing Risk: Threats, Vulnerabilities, and Exploits

  • Understanding and Protecting Assets
  • Understanding and Managing Threats
  • Understanding and Managing Vulnerabilities
  • Understanding and Managing Exploits
  • U.S. Federal Government Risk Management Initiatives
  • Summary
4

Understanding and Maintaining Compliance

  • U.S. Compliance Laws
  • Regulations Related to Compliance
  • Organizational Policies for Compliance
  • Standards and Guidelines for Compliance
  • Summary
5

Developing a Risk Management Plan

  • Objectives of a Risk Management Plan
  • Scope of a Risk Management Plan
  • Assigning Responsibilities
  • Describing Procedures and Schedules for Accomplishment
  • Reporting Requirements
  • Plan of Action and Milestones
  • Charting the Progress of a Risk Management Plan
  • Steps of the NIST Risk Management Framework
  • Summary
6

Defining Risk Assessment Approaches

  • Understanding Risk Assessments
  • Critical Components of a Risk Assessment
  • Types of Risk Assessments
  • Risk Assessment Challenges
  • Best Practices for Risk Assessment
  • Summary
7

Performing a Risk Assessment

  • Selecting a Risk Assessment Methodology
  • Identifying the Management Structure
  • Identifying Assets and Activities Within Risk Assessment Boundaries
  • Identifying and Evaluating Relevant Threats
  • Identifying and Evaluating Relevant Vulnerabilities
  • Identifying and Evaluating Controls
  • Selecting a Methodology Based on Assessment Needs
  • Developing Mitigating Recommendations
  • Presenting Risk Assessment Results
  • Best Practices for Performing Risk Assessments
  • Summary
8

Identifying Assets and Activities to Be Protected

  • System Access and Availability
  • System Functions: Manual and Automated
  • Hardware Assets
  • Software Assets
  • Personnel Assets
  • Data and Information Assets
  • Asset and Inventory Management Within the Seven Domains of a Typical IT Infrastructure
  • Identifying Facilities and Supplies Needed to Maintain Business Operations
  • Summary
9

Identifying and Analyzing Threats, Vulnerabilities, and Exploits

  • Threat Assessments
  • Vulnerability Assessments
  • Exploit Assessments
  • Summary
10

Identifying and Analyzing Risk Mitigation Security Controls

  • In-Place Controls
  • Planned Controls
  • Procedural Control Examples
  • Technical Control Examples
  • Physical Control Examples
  • Best Practices for Risk Mitigation Security Controls
  • Summary
11

Planning Risk Mitigation Throughout an Organization

  • Where Should an Organization Start with Risk Mitigation?
  • What Is the Scope of Risk Management for an Organization?
  • Understanding and Assessing the Impact of Legal and Compliance Issues on an Organization
  • Translating Legal and Compliance Implications for an Organization
  • Assessing the Impact of Legal and Compliance Imp...the Seven Domains of a Typical IT Infrastructure
  • Assessing How Security Countermeasures, Controls, and Safeguards Can Assist With Risk Mitigation
  • Understanding the Operational Implications of Legal and Compliance Requirements
  • Identifying Risk Mitigation and Risk Reduction Elements for the Entire Organization
  • Performing a Cost-Benefit Analysis
  • Best Practices for Planning Risk Mitigation Throughout an Organization
  • Summary
12

Turning a Risk Assessment into a Risk Mitigation Plan

  • Reviewing the Risk Assessment for the IT Infrastructure
  • Translating a Risk Assessment into a Risk Mitigation Plan
  • Prioritizing Risk Elements That Require Risk Mitigation
  • Verifying Risk Elements and How They Can Be Mitigated
  • Performing a Cost-Benefit Analysis on the Identified Risk Elements
  • Implementing a Risk Mitigation Plan
  • Following Up on the Risk Mitigation Plan
  • Best Practices for Enabling a Risk Mitigation Plan from the Risk Assessment
  • Summary
13

Mitigating Risk with a Business Impact Analysis

  • What Is a Business Impact Analysis?
  • Defining the Scope of the Business Impact Analysis
  • Objectives of a Business Impact Analysis
  • Steps of a Business Impact Analysis Process
  • Identifying Mission-Critical Business Functions and Processes
  • Mapping Business Functions and Processes to IT Systems
  • Best Practices for Performing a BIA for an Organization
  • Summary
14

Mitigating Risk with a Business Continuity Plan

  • What Is a Business Continuity Plan?
  • Elements of a BCP
  • How Does a BCP Mitigate an Organization’s Risk?
  • Best Practices for Implementing a BCP for an Organization
  • Summary
15

Mitigating Risk with a Disaster Recovery Plan

  • What Is a Disaster Recovery Plan?
  • Critical Success Factors
  • Elements of a DRP
  • How Does a DRP Mitigate an Organization’s Risk?
  • Best Practices for Implementing a DRP for an Organization
  • Summary
16

Mitigating Risk with a Computer Incident Response Team Plan

  • What Is a Computer Incident Response Team Plan?
  • Purpose of a CIRT Plan
  • Elements of a CIRT Plan
  • How Does a CIRT Plan Mitigate an Organization’s Risk?
  • Best Practices for Implementing a CIRT Plan for an Organization
  • Summary

1

Risk Management Fundamentals

  • Understanding IT Infrastructure Domains
  • Understanding Risk Management
2

Managing Risk: Threats, Vulnerabilities, and Exploits

  • Identifying Vulnerabilities in Software
  • Exploiting Windows using Metasploit
3

Understanding and Maintaining Compliance

  • Understanding U.S. Compliance Laws
  • Understanding Standards and Guidelines
4

Developing a Risk Management Plan

  • Understanding Charts
  • Understanding the NIST Risk Management Framework
5

Defining Risk Assessment Approaches

  • Understanding Impact Scale of a Risk
  • Understanding Risk Assessment Methods
6

Performing a Risk Assessment

  • Understanding Control Categories
  • Identifying and Evaluating Controls
7

Identifying Assets and Activities to Be Protected

  • Understanding Assets
  • Understanding Business Continuity Planning Steps
8

Identifying and Analyzing Threats, Vulnerabilities, and Exploits

  • Using Nmap for Network Enumeration
  • Conducting Vulnerability Scanning using Nessus
9

Identifying and Analyzing Risk Mitigation Security Controls

  • Understanding NIST Control Families
  • Understanding Primary Classes of Fires
10

Planning Risk Mitigation Throughout an Organization

  • Understanding Domains of a Typical IT Infrastructure
  • Understanding PCI DSS Principles and Requirements
11

Turning a Risk Assessment into a Risk Mitigation Plan

  • Understanding Threat/Vulnerability Pairs with Countermeasures
  • Setting Password Policies
12

Mitigating Risk with a Business Impact Analysis

  • Understanding Impact Levels of BIA
  • Understanding Business Impact Analysis
13

Mitigating Risk with a Business Continuity Plan

  • Understanding BCP Teams
  • Understanding Business Continuity Planning
14

Mitigating Risk with a Disaster Recovery Plan

  • Understanding Alternate Sites
  • Understanding Disaster Recovery Plan
15

Mitigating Risk with a Computer Incident Response Team Plan

  • Understanding an Incident Handling Procedure
  • Understanding an Incident Response Process
