Introducing Security Aligning Asset and Risk Management
Course 1 - Introducing Security and Aligning Asset Management to Risk Management
In this course, we’re going to start by discussing security concepts, identifying corporate assets, and discussing the risk management process.
Course 1 Learning Objectives
After completing this course, the participant will be able to:
L1.1 - Classify information security and security concepts.
L1.2 - Summarize components of the asset management lifecycle.
L1.3 - Identify common risks and vulnerabilities.
L1.4 - Provide examples of appropriate risk treatment.
Course Agenda
Module 1: Understand Security Concepts (Domain 1 - Security Operations and Administration)
Module 2: Participate in Asset Management (Domain 1 - Security Operations and Administration)
Module 3: Understand the Risk Management Process (Domain 3 - Risk Identification, Monitoring and Analysis)
Module 4: Understand the Risk Treatment Process (Domain 3 - Risk Identification, Monitoring and Analysis)
Who Should Take This Course: Beginners
Experience Required: No prior experience required
Syllabus - What you will learn from this course
Week 1
Module 1: Understand Security
One of the first questions we should ask is, what is information security? Information security can have completely different meanings for different people.
Module 2: Participate in Asset Management
Asset management deals with protecting the assets that are valuable to the organization as those assets progress through their lifecycle. Therefore, we need to address the security of assets through every stage of their lifecycle, including creation/collection, identification and classification, protection, storage, usage, maintenance, disposal, retention/archiving and defensible destruction. To properly protect valuable assets, such as information, an organization requires the careful and proper implementation of ownership and classification processes, which ensure that assets receive a level of protection based on their value to the organization.
Week 2
Module 3: Understand the Risk Management Process
The enormous increase in the collection of personal information by organizations has resulted in a corresponding increase in the importance of privacy considerations. As a result, privacy protection constitutes an important part of asset security.
Appropriate security controls must be chosen to protect the asset as it progresses through its lifecycle, bearing in mind the requirements of each phase and the handling requirements throughout.
Module 4: Understand the Risk Treatment Process
In this module we begin to look at the risk management process. Risk management is a critical component of an information security program since it drives the selection of controls used to mitigate business and IT risk. The risk management program manages risk, but it does not eliminate it. All activities have an element of risk associated with them (even doing nothing is risky business), so risk management must be an essential part of every organization’s management and operational plans.
Week 3
Module 5: Chapter 1 Review
In the IT department, we tend to see risk from a negative viewpoint; it represents the problems and inconvenience associated with IT systems failure. We see risk as what happens when something goes wrong, and we are under pressure to fix the problem as quickly as possible. However, in the rest of the business, risk is seen as opportunity — the chance to take a risk and make a return on investment — and the larger the risk, the greater the possible reward (or loss).
First, a definition: risk is a measure of the extent to which an entity is threatened by a potential circumstance or event. It is often expressed as a combination of (1) the adverse impacts that would arise if the circumstance or event occurs, and (2) the likelihood of occurrence.
Note that information system-related security risks are those risks that arise from the loss or compromise of any of the information security attributes (CIANA+PS) required of information or information systems. They reflect the potential adverse impacts to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the nation.
We see from this definition (which is, first of all, IT based) that risk is associated with threats, impact, and likelihood. But this definition also states that IT risk is a subset of business risk and must be measured by the impact of the risk event on organizational operations, assets, and other third parties.
FAQ
When will I have access to the lectures and assignments?
Access to lectures and assignments depends on your type of enrollment. If you take a course in audit mode, you will be able to see most course materials for free. To access graded assignments and to earn a Certificate, you will need to purchase the Certificate experience, during or after your audit. If you don't see the audit option:
What will I get if I subscribe to this Certificate?
When you enroll in the course, you get access to all of the courses in the Certificate, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile. If you only want to read and view the course content, you can audit the course for free.
Self paced