Risk Management



We deliver training live-on-line, on site, and on demand.

This course is a practical way to develop the knowledge, skills, and abilities necessary to protect an organization using cyber security risk management techniques. It is possible to develop an enterprise risk management strategy as a capstone project in this course.

Students will become cybersecurity professional community members.

Practice in this course will lead to excellence in cybersecurity risk management.

The course instructs students on designing, engineering, implementing and running an information security program.

If your organization would like this course at a particular time or location, it is available for groups greater than 8 with a contract. 

Security / Managerial

This course fulfills NICE/NICCS Categories and Roles:

  • Securely Provision (SP) Authorizing Official SP-RSK-001

We expect every student to achieve the knowledge, skills, and abilities necessary to develop and support an enterprise risk management  program. Students will be responsible for advising the senior officials on whether an action is reasonable based upon their knowledge of the threats, controls, and vulnerabilities, to the assets of the organization.

  • Identify and use computer networking concepts, protocols, and network security methodologies.
  • Understand basic risk management processes.
  • Execute secure network administration principles.
  • Distinguish and differentiate cyber threats and vulnerabilities.
  • Manage a team of three for two years.
  • Perform team member evaluations.
  • Write and/or review vendor contracts, statements of work, or memorandums of understanding.

Upon completion of the course the student should be able to oversee, evaluate, and support the documentation, validation, assessment, and authorization processes necessary to assure that existing and new information technology systems meet the organization’s cybersecurity and risk requirements. They will ensure appropriate treatment of risk, compliance, and assurance from internal and external perspectives.

  • Applicable laws and/or administrative/criminal legal guidelines and procedures.
  • Application security risks
  • Apply cybersecurity and privacy principles to organizational requirements.
  • Apply cybersecurity and privacy principles to organizational requirements.
  • Assess and forecast manpower requirements to meet organizational objectives.
  • Confidentiality, integrity, and availability principles.
  • Controls related to the use, processing, storage, and transmission of data.
  • Coordinate cyber operations with other organization functions or support activities.
  • Cryptography and cryptographic key management concepts
  • Methods for evaluating, implementing, and disseminating security assessment.
  • Cyber defense and vulnerability assessment tools and their capabilities.
  • Cybersecurity and privacy principles and organizational requirements.
  • Develop policy, plans, and strategy in compliance with laws and in support of organizational cyber activities.
  • Discerning the protection needs of information systems and networks.
  • Embedded systems.
  • Establish acceptable limits for the software application, network, or system.
  • Identify critical infrastructure systems that were designed without system security.
  • Identify external partners with common cyber operations interests.
  • Information technology security principles and methods.
  • Information technology supply chain security and risk management administrative controls.
  • Interpret laws, regulations, policies, and guidance relevant to organization cyber objectives.
  • Manage and approve accreditation packages.
  • Network security architecture concepts.
  • New and emerging information technology and cybersecurity technologies.
  • Organization’s enterprise information security architecture.
  • Organization’s evaluation and validation requirements.
  • Payment card industry data security standards.
  • Penetration testing principles, tools, and techniques.
  • Personally identifiable information data security standards.
  • Relate strategy, business, and technology in the context of organizational dynamics.
  • Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
  • Risk management framework requirements.
  • Security architecture concepts and enterprise architecture reference models.
  • Security assessment and authorization process.
  • Security models.
  • Structured analysis principles and methods.
  • Supply chain risk management practices
  • System and application security threats and vulnerabilities.
  • Systems diagnostic tools and fault identification techniques.
  • The organization’s core business/mission processes.
  • The organization’s enterprise information technology goals and objectives.
  • Understand technology, management, and leadership issues related to processes and problem solving.
  • Understand the basic concepts and issues related to cyber and its organizational impact.
  • Vulnerability information dissemination sources.

All courses are available in live-on-line format.

There are 9 different methods of possible exercises used throughout the course in one-hour class meetings. As soon as students become accustomed to a particular flow, or they get comfortable, the instructor will switch methods. Some examples include: GRCME, threats and controls, case studies, risk analysis practice, and reading review. 

Before class students will complete mindmaps, assigned readings, take practice quizzes, submit case study information, and build flashcards. Each activity is graded as needed.

We use a customized text developed by our internal experts. This text covers the latest best practices, current state of security and technology. All students are required to have a working computer, microphone, and earbuds.

  • 1 hour per session
  • 3 sessions per week
  • 10 weeks with 2 break weeks (also called ‘dark weeks’)
  • Orientation is held for 90 minutes before first live class.
  • Class meeting times are listed on the public calendar.