Information & Cyber Security: GRC and Risk Management
This course walked through a complete, practical approach to performing information and cybersecurity risk assessments across a business lifecycle, using a running cloud-migration case st...
This course builds on foundational information security governance, risk, and compliance (GRC) concepts to focus specifically on performing risk assessments throughout the business lifecycle. It covers why and how to assess information and cybersecurity risk, how to build business impact assessments (BIAs) using a service-oriented approach, and how to determine the likelihood of compromise based on controls, so that a risk assessment can communicate clear, actionable messages to executives. The material uses a running scenario throughout: Globomantics Airport, which is undertaking a cloud migration program covering three representative systems — a public customer information website, an HR system, and an aviation/luggage screening system — hosted (in whole or in part) by two candidate cloud service providers, AeroStream and NovaNest.
Answering these requires a structured way to understand what can lead to an undesirable disruption event and how likely that is to occur. Risk treatment (what you actually do about an assessed risk) is a related but separate topic.
Threats successfully cause a breach of confidentiality, integrity, or availability by exploiting vulnerabilities. Whether...
Sign in to read this course
A free account unlocks all 514 courses. 20 are readable without one.
What's inside
7 sections- 1 Table of Contents
- 2 Module 1: Introducing Information Security Risk Assessments
- 3 Module 2: Common Procedures and Objectives for Risk Assessments
- 4 Module 3: Building a Business Impact Assessment
- 5 Module 4: Building Risk Scenarios and Assessing Likelihood
- 6 Module 5: Business Lifecycle and Risk
- 7 Summary
More Governance, Risk & Compliance courses
View all 12Governance, Security and GRC
governance · security · grc · risk · compliance · networking · systems · information · controls · impact · processes · program · regulatory.
Government Facilities: Specialized Engineering
government · facilities · specialized · engineering · governance · risk · compliance · networking · systems · security · controls · physical · assessing · dod · environmental · facility ·...
Information Systems Operations and Business Resilience (ISACA CISA)
This domain — information systems operations and business resilience — is worth 26% of the CISA examination when combined with its companion operations-focused course. The business-resili...
Microsoft Security, Compliance and Identity Fundamentals
In IT, compliance is a set of digital security requirements and practices. Following compliance requirements helps ensure that a company's business processes are secure and that sensitive...
NIST Risk Management Framework (RMF)
The RMF is a process model consisting of seven clearly defined steps, each with specific associated activities. While it is often described sequentially, it is in fact an iterative model:...
Protection of Information Assets: Security Event Management (ISACA CISA)
Every technology, process, and policy in an organization must be monitored to confirm that the technology is functioning correctly, that policies remain current, and that procedures repre...
Interested in this course?
Contact us to book it or get a custom training plan for your team.