Practical Risk Management and Assessment
We deliver training live-on-line, on site, and on demand.

This course is a practical way to develop the knowledge, skills, and abilities necessary to protect an organization using cyber security risk management techniques. It is possible to develop an enterprise risk management strategy as a capstone project in this course.

Students will join the cybersecurity professional community.

Practice in this course will lead to excellence in cybersecurity risk management.

The course instructs students on designing, engineering, implementing, and running an information security program.

If your organization would like this course at a particular time or location, it is available under contract for groups of more than 8.

Security / Managerial

This course fulfills the following NICE/NICCS category and role:

  • Securely Provision (SP) Authorizing Official SP-RSK-001

We have found the NIST RMF difficult to implement in practice. This course balances what is expected against what is achievable in risk management without disrupting operational activity.

We expect every student to achieve the knowledge, skills, and abilities necessary to develop and support an enterprise risk management program. Students will be responsible for advising senior officials on whether an action is reasonable, based on their knowledge of the threats, controls, and vulnerabilities to the organization's assets.

  • Identify and use computer networking concepts, protocols, and network security methodologies.
  • Understand basic risk management processes.
  • Execute secure network administration principles.
  • Distinguish and differentiate cyber threats and vulnerabilities.
  • Manage a team of three for two years.
  • Perform team member evaluations.
  • Write and/or review vendor contracts, statements of work, or memorandums of understanding.

Upon completion of the course, the student will be able to convey risk compliance and decision-support information to management. Technicians in the field will have a clear, executable path for collecting unbiased data for a risk assessment in a brief, effective way. Management will be able to consume and reduce risk assessment data for quantitative analysis.

  • Transitioning Heat Maps to quantitative analysis
  • Building go/no-go questionnaires
  • Risk Assessment Calculations
  • Application security risks
  • Apply cybersecurity and privacy principles to organizational requirements.
  • Controls related to the use, processing, storage, and transmission of data.
  • Coordinate cyber operations with other organization functions or support activities.
  • Methods for evaluating, implementing, and disseminating security assessments.
  • Cyber defense and vulnerability assessment tools and their capabilities.
  • Discerning the protection needs of information systems and networks.
  • Identify critical infrastructure systems that were designed without system security.
  • Identify external partners with common cyber operations interests.
  • Information technology security principles and methods.
  • Manage and approve accreditation packages.
  • Network security architecture concepts.
  • Organization’s enterprise information security architecture.
  • Organization’s evaluation and validation requirements.
  • Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
  • Risk management framework requirements.
  • Security architecture concepts and enterprise architecture reference models.
  • Security models.
  • Structured analysis principles and methods.
  • Supply chain risk management practices
  • System and application security threats and vulnerabilities.
  • Systems diagnostic tools and fault identification techniques.
  • Processing the organization’s core business/mission processes.
  • Understand technology, management, and leadership issues related to processes and problem solving.
  • Understand the basic concepts and issues related to cyber and its organizational impact.
  • Vulnerability information dissemination sources.

All courses are available in live-on-line format.

Nine different exercise methods are used throughout the course in one-hour class meetings. As soon as students become accustomed to a particular flow, or get comfortable, the instructor switches methods. Examples include GRCME, threats and controls, case studies, risk analysis practice, and reading review.

Before class, students complete mind maps and assigned readings, take practice quizzes, submit case study information, and build flashcards. Each activity is graded as needed.

We use a customized text developed by our internal experts. This text covers the latest best practices and the current state of security and technology. All students are required to have a working computer, microphone, and earbuds.

  • 20 total sessions
  • 1 hour per session
  • 2 sessions per week
  • 10 weeks with 2 break weeks (also called ‘dark weeks’)
  • Orientation is held for 90 minutes before the first live class.
  • Class meeting times are listed on the public calendar.