Information and Cyber Security GRC: Risk Management
This course will teach you common procedures to complete practical risk assessments to understand your current information security risk exposure.
What you'll learn
Every organization needs to carefully manage finite resources and budgets in the course of implementing an information security strategy in order to protect the organization while achieving its business objectives.
In this course, Information and Cyber Security GRC: Risk Management, you’ll learn the fundamentals of completing a risk assessment to understand and review information security in enterprise programs and activities.
First, you’ll explore the objectives of an information security risk assessment. Second, you'll learn how to build a business and technology operating model to articulate the impact of undesirable disruption to an organization’s mission. Third, you'll use this model to create risk scenarios and understand the likelihood of threats exploiting a vulnerability in your operating environment.
Table of contents
- Where to Start - Information Gathering 2m
- Where to Start - Standards and Company Risk Information 2m
- Likelihood Based on Controls - Control Categories 2m
- Likelihood of Compromise - Defence in Depth 5m
- An Approach for Attack Surface Analysis 3m
- Creating a Controls Environment 4m
- Controls Assessment and the Final Outcome 4m
About the author
Po was born and educated in Wales, UK before going to Royal Holloway, University of London. It was during his year-in-industry placement, when responding to an incident to recover from a cyber attack, that started a journey of over 20 years in information security. Currently broadening to multiple types of technology and operational risk in the Financial sector, looking for ways to improve risk management, governance and communication to promote innovation and work with the ever changing ways ... more