Risk Management

Managing risks involves identifying threat actors both large and small. Learn key concepts related to risk management, including proper policies and procedures, business impact analysis, data destruction, quantitative and qualitative risk assessments, and how security must be applied to all phases of the information life cycle.

Syllabus

  • Threat intelligence Video — 00:10:59
    • With the ever-changing IT threat landscape, how can you keep up with the latest security issues? Threat intelligence refers to the wide variety of open-source intelligence (OSINT) and proprietary IT security sources that use standards such as STIX and TAXII for cybersecurity intelligence sharing.

  • Defining risk Video — 00:08:23
    • Managing risk involves identifying threat actors from script kiddies to state-sponsored attackers. Mitigating threats is achieved by identifying assets and putting security controls in place to mitigate risks.

  • CompTIA Security+ SY0-601 Exam Objectives Video — 00:03:06
  • Third-party risk management Video — 00:08:29
    • Some business activities cannot be completed entirely within an organization and must be outsourced. Ensuring that proper security safeguards are in place throughout the hardware, software, and personnel supply chain results in properly secured data, such as through data loss prevention (DLP) tools.

  • Data destruction Video — 00:06:04
    • Digital data resides on physical storage devices. Secure storage media disposal mechanisms, such as shredding, cryptographic erasure, degaussing, and disk wiping, must be put in place to ensure sensitive data cannot be retrieved by unauthorized users.

  • Data types and roles Video — 00:11:28
    • Protecting personally identifiable information, or PII, is crucial and required by security regulations such as GDPR, but of the vast amounts of data in an organization, how do you know which data is sensitive? The answer is through data roles and responsibilities assigned to personnel in conjunction with data discovery and classification tools on-premises and in the cloud.

  • Qualitative risk assessments Video — 00:03:54
    • The same risk can have a different impact on different organizations. Qualitative risk assessments use subjective priority ratings for risks rather than dollar values.

  • Ask me anything Video — 00:02:12
    • The use of social media platforms has skyrocketed in recent years. Organizations must take the appropriate steps to ensure that sensitive data is not leaked through this mechanism.

  • Risk assessments and treatments Video — 00:05:44
    • How can you determine whether assets are adequately protected from threats? One way is running periodic risk assessments to address the ever-changing threat landscape to define the likelihood and impact of security incidents.

  • Exam question review Video — 00:01:40
    • Threats are executed by a variety of different threat actors, each type having a different motivation for executing attacks. This episode presents a scenario in which the correct type of threat actor must be selected.

  • Risk management concepts Video — 00:07:23
    • A risk management framework aids in identifying and managing risk and is sometimes required for compliance with data privacy regulations such as GDPR and HIPAA. Organizational security policies are often influenced by data privacy regulations.

  • Threats and vulnerabilities Video — 00:07:04
    • The CIA security triad (confidentiality, integrity, and availability) describes how solutions such as encryption, hashing, and data backups can address potential attack vectors that might be exploited by threat actors.

  • Introduction to Security+ 601 Video — 00:00:42
    • Mike and Dan introduce the CompTIA Security+ (SY0-601) learning path.

  • Agreement types Video — 00:06:30
    • When organizations enter into business partnerships with third-party service providers, the agreements and contracts they both sign protect both organizations legally, as well as establish the terms of service. This episode covers the various types of business agreements.

  • Personnel risk and policies Video — 00:10:21
    • Hiring the right employees and contractors for the job always matters. Enacting internal security controls such as background checks, mandatory vacations, job rotation, and separation of duties goes a long way in ensuring the integrity of business processes.

  • Security and the information life cycle Video — 00:09:03
    • Security must be applied to all phases of the information life cycle, from collection to its eventual archiving and deletion. This includes data security techniques such as tokenization and masking, while considering how laws apply to data based on its location (data sovereignty).

  • Business Impact Analysis Video — 00:09:17
    • In addition to deploying effective security controls to protect assets, what can be done to ensure business continuity in the event of a security incident? A business impact analysis involves proactive planning to help reduce downtime and data loss when negative events occur.

  • Quantitative risk assessments Video — 00:06:37
    • Is the cost of a security control justified? A quantitative risk assessment uses various calculations against an asset to determine the maximum yearly spend for protecting that asset.

  • Wiping disks with the dd command lab Video — 00:05:38
    • When storage media has reached the end of its useful life, data must be wiped from it in a secure manner, which can include using built-in operating system tools. Linux administrators can use the dd command to wipe disk partitions by overwriting them with random data.

  • Security controls Video — 00:09:22
    • Various security standards such as PCI DSS and the Cloud Controls Matrix (CCM) define what types of security controls to put in place to mitigate risk both on-premises and in the cloud. The specific type of attack vector determines whether managerial, operational, or technical controls should be deployed.

You're in good company

We use Infosec Skills to provide continuous training to our technicians and to prepare them for various certifications. Infosec Skills allows us to create personalized training programs that focus on each of our technicians' particular roles and see their progress as they take courses. We also recommend it to clients to make their IT support teams better.

Caleb Yankus

This has been utilized to bridge the skills gap across our cyber team and to aid them as they prepare for their various certifications. It also has provided a nice learning foundation for our various cyber team members to utilize as we continue to find ways for cross-utilization with operations while minimizing the downtime needed to ensure everyone’s knowledge is the same.

Daniel Simpson

We use Infosec Skills to provide base-level knowledge for employees. We also use the services to provide in-depth learning for employees as they encounter new technologies. If an employee is assigned to a new project, we can rely on Infosec Skills to provide a rapid, concentrated learning environment. This rapid, concentrated learning positions our employees for success.

Infosec Skills Teams client

Plans & pricing

  • Infosec Skills Personal

    $299 / year

    • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Custom certification practice exams (e.g., CISSP, Security+)
    • Skill assessments
    • Infosec peer community support
  • Infosec Skills Teams

    $799 per license / year

    • Team administration and reporting
    • Dedicated client success manager
    • Single sign-on (SSO)
      Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
    • Integrations via API
      Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
    • 190+ role-guided learning paths and assessments (e.g., Incident Response)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Create and assign custom learning paths
    • Custom certification practice exams (e.g., CISSP, CISA)
    • Optional upgrade: Guarantee team certification with live boot camps

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

Award-winning training that you can trust

Comprehensive Cybersecurity Training - Infosec Skills
Cybersecurity Education and Training Gold Award - Infosec IQ
Top Rated Award - Infosec Skills
2021 G2 Summer - Leader - Tech Skills Dev, Online Course, eLearning Content
Top 20 Company - Online Learning Library