uCertify

Managing Risk in Information Systems

(MG-RISK-INFO-MGMT.AG1)
Lessons
Lab
TestPrep
75 Reviews
Get A Free Trial

Skills You’ll Get

Download Course Outline

1

Preface

  • Purpose of This Course
  • Learning Features
  • Audience
  • New to This Edition
2

Risk Management Fundamentals

  • What Is Risk?
  • Classify Business Risks
  • Risk Identification Techniques
  • Risk Management Process
  • Risk-Handling Strategies
  • Summary
3

Managing Risk: Threats, Vulnerabilities, and Exploits

  • Understanding and Protecting Assets
  • Understanding and Managing Threats
  • Understanding and Managing Vulnerabilities
  • Understanding and Managing Exploits
  • U.S. Federal Government Risk Management Initiatives
  • Summary
4

Understanding and Maintaining Compliance

  • U.S. Compliance Laws
  • Regulations Related to Compliance
  • Organizational Policies for Compliance
  • Standards and Guidelines for Compliance
  • Summary
5

Developing a Risk Management Plan

  • Objectives of a Risk Management Plan
  • Scope of a Risk Management Plan
  • Assigning Responsibilities
  • Describing Procedures and Schedules for Accomplishment
  • Reporting Requirements
  • Plan of Action and Milestones
  • Charting the Progress of a Risk Management Plan
  • Steps of the NIST Risk Management Framework
  • Summary
6

Defining Risk Assessment Approaches

  • Understanding Risk Assessments
  • Critical Components of a Risk Assessment
  • Types of Risk Assessments
  • Risk Assessment Challenges
  • Best Practices for Risk Assessment
  • Summary
7

Performing a Risk Assessment

  • Selecting a Risk Assessment Methodology
  • Identifying the Management Structure
  • Identifying Assets and Activities Within Risk Assessment Boundaries
  • Identifying and Evaluating Relevant Threats
  • Identifying and Evaluating Relevant Vulnerabilities
  • Identifying and Evaluating Controls
  • Selecting a Methodology Based on Assessment Needs
  • Developing Mitigating Recommendations
  • Presenting Risk Assessment Results
  • Best Practices for Performing Risk Assessments
  • Summary
8

Identifying Assets and Activities to Be Protected

  • System Access and Availability
  • System Functions: Manual and Automated
  • Hardware Assets
  • Software Assets
  • Personnel Assets
  • Data and Information Assets
  • Asset and Inventory Management Within the Seven Domains of a Typical IT Infrastructure
  • Identifying Facilities and Supplies Needed to Maintain Business Operations
  • Summary
9

Identifying and Analyzing Threats, Vulnerabilities, and Exploits

  • Threat Assessments
  • Vulnerability Assessments
  • Exploit Assessments
  • Summary
10

Identifying and Analyzing Risk Mitigation Security Controls

  • In-Place Controls
  • Planned Controls
  • Procedural Control Examples
  • Technical Control Examples
  • Physical Control Examples
  • Best Practices for Risk Mitigation Security Controls
  • Summary
11

Planning Risk Mitigation Throughout an Organization

  • Where Should an Organization Start with Risk Mitigation?
  • What Is the Scope of Risk Management for an Organization?
  • Understanding and Assessing the Impact of Legal and Compliance Issues on an Organization
  • Translating Legal and Compliance Implications for an Organization
  • Assessing the Impact of Legal and Compliance Imp...the Seven Domains of a Typical IT Infrastructure
  • Assessing How Security Countermeasures, Controls, and Safeguards Can Assist With Risk Mitigation
  • Understanding the Operational Implications of Legal and Compliance Requirements
  • Identifying Risk Mitigation and Risk Reduction Elements for the Entire Organization
  • Performing a Cost-Benefit Analysis
  • Best Practices for Planning Risk Mitigation Throughout an Organization
  • Summary
12

Turning a Risk Assessment into a Risk Mitigation Plan

  • Reviewing the Risk Assessment for the IT Infrastructure
  • Translating a Risk Assessment into a Risk Mitigation Plan
  • Prioritizing Risk Elements That Require Risk Mitigation
  • Verifying Risk Elements and How They Can Be Mitigated
  • Performing a Cost-Benefit Analysis on the Identified Risk Elements
  • Implementing a Risk Mitigation Plan
  • Following Up on the Risk Mitigation Plan
  • Best Practices for Enabling a Risk Mitigation Plan from the Risk Assessment
  • Summary
13

Mitigating Risk with a Business Impact Analysis

  • What Is a Business Impact Analysis?
  • Defining the Scope of the Business Impact Analysis
  • Objectives of a Business Impact Analysis
  • Steps of a Business Impact Analysis Process
  • Identifying Mission-Critical Business Functions and Processes
  • Mapping Business Functions and Processes to IT Systems
  • Best Practices for Performing a BIA for an Organization
  • Summary
14

Mitigating Risk with a Business Continuity Plan

  • What Is a Business Continuity Plan?
  • Elements of a BCP
  • How Does a BCP Mitigate an Organization’s Risk?
  • Best Practices for Implementing a BCP for an Organization
  • Summary
15

Mitigating Risk with a Disaster Recovery Plan

  • What Is a Disaster Recovery Plan?
  • Critical Success Factors
  • Elements of a DRP
  • How Does a DRP Mitigate an Organization’s Risk?
  • Best Practices for Implementing a DRP for an Organization
  • Summary
16

Mitigating Risk with a Computer Incident Response Team Plan

  • What Is a Computer Incident Response Team Plan?
  • Purpose of a CIRT Plan
  • Elements of a CIRT Plan
  • How Does a CIRT Plan Mitigate an Organization’s Risk?
  • Best Practices for Implementing a CIRT Plan for an Organization
  • Summary

1

Risk Management Fundamentals

  • Understanding IT Infrastructure Domains
  • Understanding Risk Management
2

Managing Risk: Threats, Vulnerabilities, and Exploits

  • Identifying Vulnerabilities in Software
  • Exploiting Windows using Metasploit
3

Understanding and Maintaining Compliance

  • Understanding U.S. Compliance Laws
  • Understanding Standards and Guidelines
4

Developing a Risk Management Plan

  • Understanding Charts
  • Understanding the NIST Risk Management Framework
5

Defining Risk Assessment Approaches

  • Understanding Impact Scale of a Risk
  • Understanding Risk Assessment Methods
6

Performing a Risk Assessment

  • Understanding Control Categories
  • Identifying and Evaluating Controls
7

Identifying Assets and Activities to Be Protected

  • Understanding Assets
  • Understanding Business Continuity Planning Steps
8

Identifying and Analyzing Threats, Vulnerabilities, and Exploits

  • Using Nmap for Network Enumeration
  • Conducting Vulnerability Scanning using Nessus
9

Identifying and Analyzing Risk Mitigation Security Controls

  • Understanding NIST Control Families
  • Understanding Primary Classes of Fires
10

Planning Risk Mitigation Throughout an Organization

  • Understanding Domains of a Typical IT Infrastructure
  • Understanding PCI DSS Principles and Requirements
11

Turning a Risk Assessment into a Risk Mitigation Plan

  • Understanding Threat/Vulnerability Pairs with Countermeasures
  • Setting Password Policies
12

Mitigating Risk with a Business Impact Analysis

  • Understanding Impact Levels of BIA
  • Understanding Business Impact Analysis
13

Mitigating Risk with a Business Continuity Plan

  • Understanding BCP Teams
  • Understanding Business Continuity Planning
14

Mitigating Risk with a Disaster Recovery Plan

  • Understanding Alternate Sites
  • Understanding Disaster Recovery Plan
15

Mitigating Risk with a Computer Incident Response Team Plan

  • Understanding an Incident Handling Procedure
  • Understanding an Incident Response Process

Related Courses

All Courses