Prioritization and Risk Assessment Course

This course covers how to classify and prioritize vulnerabilities based on real-world criticality measures and how to define the true risk of the vulnerabilities for a specific environment.

1 hour, 11 minutes

Course description

This course focuses on the most important parts of the vulnerability assessment process — vulnerability prioritization and risk evaluation. We will be incorporating inputs from various systems and databases for threat intelligence to assign priority to the discovered vulnerabilities. With that priority-based approach, the most critical issues posing the biggest threats are assessed and addressed first. Risk assessment is covered in depth, using a structured and customizable process for deriving accurate risk scores.

Syllabus

Security Risk Assessment (SRA)

Video - 00:19:00

What is a security risk assessment and how do we conduct it?
Defining the Custom Risk Matrix

Video - 00:10:00

Constructing a risk matrix to help us quantify the risks to our organization introduced by security vulnerabilities.
Identifying Assets at Risk

Video - 00:09:00

Helping you identify potential attack targets in your environment.
Knowing Your Environment

Video - 00:13:00

We will look at what you need to know about your system to carry out a thorough assessment.
Intelligent Prioritization

Video - 00:20:00

What do you do if you have a huge list of vulnerabilities and only limited time and resources? You prioritize! We will examine the most important factors defining vulnerability priority.

Meet the author

Mitko Katsev

Mitko Katsev has over a decade of work experience in cybersecurity, systems architecture, and software development. His full-service security consultancy company ArmadilCo specializes in helping startups to top fortune 500 medical device manufacturers build and maintain secure systems.

Mitko has studied system programming and computer engineering and has completed several InfoSec/AppSec trainings and certifications, including SANS Defensible Security Architecture and Engineering (SEC530), SANS Defending Against Adversaries - Purple Team Tactics (SEC599), multiple Microsoft security development lifecycle (SDL) trainings and more.

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

Associated NICE Work Roles

All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.

  • All-Source Analyst
  • Mission Assessment Specialist
  • Exploitation Analyst

Plans & pricing

Infosec Skills Personal

$299 / year

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Learn about scholarships and financing with

Affirm logo

Award-winning training you can trust