Cyber Security Risk Management

Name: Cyber Security Risk Management
Rating: 4.4 (892 reviews)

A comprehensive overview of risk and management principles and practices as applied in a cyber security context.

Created byAndrew Stephen

Last updated 1/2023

English

What you'll learn

Develop an understanding of what risk is and how it can be managed.
How to create a risk management framework within your organisation.
How to identify, assess and articulate risk as well as identifying options for treatment and determining which is the most appropriate.
How to perform detailed analysis of risk and develop risk treatment plans.
How to apply risk management concepts in practice including developing a risk register, governance models, risk bowties and reporting.

Course content

4 sections • 52 lectures • 4h 7m total length

Introduction1:50
Introductory lesson and overview of the section.
What Is Risk?2:27
In this lesson we will discuss what risk is and why it matters to our organization.
IT & Cyber Security Risk5:19
In this lesson we will discuss the key differences between IT and cyber risk and go through some examples of various threats and risks.
Components of a Risk3:06
In this lesson we will discuss the components of risk - assets, threats and vulnerabilities.
Articulating Risk7:00
In this lesson we will discuss how to express risk in terms of events, threats, vulnerabilities and assets.

Introduction1:30
Introductory lesson and overview of the section.
What is Risk Management4:02
In this lesson we will discuss what risk management is and how it supports decision making.
Objectives of Risk Management7:25
In this lesson we will discuss the key objectives of risk management and how it helps us to achieve our organizational objectives.
Risk Management vs Risk Minimisation2:18
In this lesson we will discuss the key differences between risk management and risk minimization as well as introducing organizational risk appetite.
Risk Management Principles4:53
In this lesson we will discuss the ISO31000 risk management principles and how these can be applied.
Risk Management Framework2:54
In this lesson we will discuss the risk management framework and how it compares with the Deming "Plan-Do-Check-Act" cycle.
Mandate & Commitment3:50
In this lesson we will discuss the "Mandate & Commitment" phase of the risk management life cycle.
Designing your framework1:04
In this lesson we will discuss the "Design Framework" phase of the risk management life cycle.
Designing your framework – Organisational Context5:00
In this lesson we will discuss the importance of organizational context in the "Design Framework" phase of the risk management framework.
Designing your framework - Establish Policy3:38
In this lesson we will discuss policy establishment in the "Design Framework" phase of the risk management framework.
Designing your framework - Accountability7:54
In this lesson we will discuss the various accountabilities to consider when designing your risk management framework.
Designing your framework - Organisational Integration4:46
In this lesson we will discuss the organizational process integration and resourcing considerations when designing your risk management framework.
Designing your framework - Communication & Reporting4:14
In this lesson we will discuss the reporting and communication aspects to consider when designing your risk management framework.
Designing your framework - Implementation3:39
In this lesson we will discuss the key components to consider when implementing your risk management framework.
Designing your framework - Monitoring & Review5:10
In this lesson we will discuss the how to monitor the effectiveness of your risk management framework.
Designing your framework - Continual Improvement1:04
In this lesson we will discuss the how to ensure that your risk management framework is improved over time and various maturity models that can be applied.
The risk management process1:40
In this lesson we will discuss the ISO31000 risk management process.
The risk management process - Communication & Consultation7:58
In this lesson we will discuss the "Communication and Consultation" phase of the ISO31000 risk management process.
The risk management process - Context Establishment3:30
In this lesson we will discuss the "Context Establishment" phase of the ISO31000 risk management process.
The risk management process - Risk Assessment4:01
In this lesson we will discuss the key components of risk assessment.
The risk management process - Risk Treatment8:28
In this lesson we will discuss the various options to treat risk (avoid, mitigate, transfer, accept), the contents of risk treatment plans and introduce some common control frameworks such as ISO27001, NIST and COBIT.
The risk management process - Monitoring & Review6:11
In this lesson we will discuss the monitoring and review phase of the risk management process, assessing control effectiveness through continuous monitoring, reviews and audits, and detecting changes within your environment.
The risk management process - Auditability and Traceability2:11
In this lesson we will discuss how to ensure traceability in the risk management decision making process.
Risk Management - Maturity Models2:49
In this lesson we will discuss how you can apply various maturity models to your risk management processes.
Risk Management - Risk Assessment & Measurement1:01
In this lesson we will introduce the next section on risk assessment and measurement.

Introduction1:18
Introductory lesson and overview of the section.
Risk Assessment & Measurement - Terminology3:39
In this lesson we will introduce key terms and concepts regarding risk assessment.
The risk management process (recap)1:10
In this lesson we will perform a quick recap of the risk assessment process.
Risk Identification (Part 1)9:30
In this lesson we will discuss how to identify risks, threat sources, assets and vulnerabilities. We will also begin to build some risk scenarios.
Risk Identification (Part 2)6:56
In this lesson we will continue to build on the previous lesson and discuss useful information sources for helping to identify risks, assets and threats.
Risk Identification (Part 3)5:36
In this lesson we will discuss more useful sources of information for risk identification.
Risk Analysys4:13
In this lesson we will discuss how to develop an understanding of each risk.
Risk Analysis - Likelihood2:46
In this lesson we will discuss how to determine the likelihood of a risk and introduce some basic likelihood scales that can be used.
Risk Analysis - Consequence/Impact3:16
In this lesson we will discuss how to determine the impact of a risk and introduce several consequence categories for consideration and some possible scales that can be applied.
Risk Analysis - Consequence Examples7:38
In this lesson we will discuss examples of potential consequence scales and when/how they can be applied.
Risk Analysis - Risk Matrix5:56
In this lesson we will discuss various risk matrices (3x3, 4x4, 3x4 and 5x5) and how these can be applied.
Risk Analysis - Analysis Example (1)8:55
In this lesson we will perform the analysis of an unauthorized disclosure event to reinforce the concepts covered in previous lessons.
Risk Analysis - Analysis Example (2)5:52
In this lesson we will perform the analysis of another event (accidental disclosure) to further reinforce the concepts covered in previous lessons.
Risk Evaluation3:29
In this lesson we will discuss how to evaluate and determine the action(s) to take when evaluating risk and treatment options.
Risk Treatment3:34
In this lesson we will perform a quick recap of the risk treatment phase of the risk management framework.
Risk Treatment Plan Example (1)9:57
In this lesson we will work through an example of risk treatment and consider existing control effectiveness in the development of a risk treatment plan.
Risk Treatment Considerations2:52
In this lesson we will discuss key considerations when developing treatment plans and actions when treating risk.

Introduction1:05
Introductory lesson and overview of the section.
Creating an IT risk register1:47
In this lesson we will discuss the key considerations when creating and maintaining a risk register.
Example Excel risk register24:42
In this lesson we will walk through an example risk register (Excel) and discuss some Excel tips to simplify its creation and maintenance.
Risk governance - 3 lines of defence model5:36
In this lesson we will discuss the "3 lines of defense" model commonly used for risk governance.
Risk bowties7:03
In this lesson we will discuss "Risk Bowties" and walk through an example.

Requirements

No special requirements.

Description

In this course you will gain a solid understanding of risk management principles, processes, frameworks and techniques that can be applied specifically to cyber security as well as risk in general.

You will learn how to identify, assess and articulate risk as well as options available for treating risk and which may be most appropriate for your situation.

This course also provides examples of tools and techniques as well as useful tips that can help you to successfully implement and maintain a risk management framework within your organization.

Who this course is for:

Information Technology Managers
Information/Cyber Security Managers
Information Security Professionals
Anyone with an interest in gaining a general understanding of risk management as well as how it applies to information security

Cyber Security Risk Management

What you'll learn

Explore related topics

Course content

Introduction5 lectures • 20min

Risk Management25 lectures • 1hr 41min

Risk Management - Risk Assessment & Measurement17 lectures • 1hr 27min