Overview

Information Security Risk Management (ISRM) is the process around identification, evaluation, treatment and monitoring of information security risks. The goal of information security risk management is to raise awareness of existing threats and establish a framework around the treatment of such through policies, procedures, and technology, overall aiming to reduce the risk from various data threats like cyber-attacks, insider threats, environmental disasters, third parties and others. Information risk is a calculation based on the likelihood that an unauthorized entity will negatively impact the confidentiality, integrity and/or availability of data that you collect, transmit, or store and the potential negative impact this could lead to.

As you progress throughout the course, you will learn the concepts around information security risk management. You would familiarize yourself with enterprise risk assessment, compliance risk assessment, risk treatment and the effect of these on an organization. You would familiarize yourself with vulnerability management, vendor and third-party risk management. Next, you will learn action tracking and auditing. In addition, you will learn to assess security controls and their implementation and influence on information risks. Finally, you will learn to monitor and re-evaluate risks and risk treatment plans.

By the end of the course, you will be able to establish a framework around risk identification, evaluation, action and continuous monitoring, including the identification and enforcement of controls that reduce the possibility of systems, networks, and software being compromised by cyber-attack or other unauthorized activity.