Cyber Security Risk Assessment & Management

(Duration: 4 Days)

In the Cyber Security Risk Assessment & Management training course, participants will:

  • Implement a standards-based, proven methodology for assessing and managing the risks to your organization’s information infrastructure
  • Apply Operational Risk Management (ORM) to information systems
  • Institute actionable security mechanisms with measurable results
  • Select and tailor security controls that satisfy requirements
  • Maintain an acceptable security posture over the system life cycle

This course is intended for anyone responsible for developing, acquiring, operating or sustaining an information system.

Introduction to Risk Assessment and Management

  • Ensuring compliance with applicable regulatory drivers
  • Protecting the organization from unacceptable losses
  • Describing the Risk Management Framework (RMF)
  • Applying NIST/ISO risk management processes

Characterizing System Security Requirements

  • Defining the system
    • Prescribing the system security boundary
    • Pinpointing system interconnections
    • Incorporating the unique characteristics of Industrial Control Systems (ICS) and cloud-based systems
  • Identifying security risk components
    • Estimating the impact of compromises to confidentiality, integrity and availability
    • Adopting the appropriate model for categorizing system risk
  • Setting the stage for successful risk management
    • Documenting critical risk assessment and management decisions in the System Security Plan (SSP)
    • Appointing qualified individuals to risk governance roles

Selecting Appropriate Security Controls

  • Assigning a security control baseline
    • Investigating security control families
    • Determining the baseline from system security risk
  • Tailoring the baseline to fit the system
    • Examining the structure of security controls, enhancements and parameters
    • Binding control overlays to the selected baseline
    • Gauging the need for enhanced assurance
    • Distinguishing system-specific, compensating and non-applicable controls
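
The categorization, baseline-selection and tailoring steps listed in the two sections above, as an added worked example in Python (not course material and not an extract from the real NIST SP 800-53B tables): the control catalog and its baseline allocations, the `ics-example` overlay, and the information types with their impact levels are all constructed for illustration. The FIPS 199 high-water-mark rule, the FIPS 200 overall impact level, and the requirement that scoped-out and compensated controls carry a documented justification are the real parts.

```python
"""Added example: FIPS 199 categorization -> baseline selection -> tailoring.

The catalog, overlay and sample system below are constructed for illustration;
they are not the real SP 800-53B allocations or a published overlay.
"""

LEVELS = {"na": 0, "low": 1, "moderate": 2, "high": 3}
NAMES = {v: k for k, v in LEVELS.items()}
OBJECTIVES = ("confidentiality", "integrity", "availability")

# Constructed mini-catalog: control id -> baselines that include it.
CATALOG = {
    "AC-2":    {"low", "moderate", "high"},   # Account Management
    "AC-2(1)": {"moderate", "high"},          # automated account management
    "AC-17":   {"low", "moderate", "high"},   # Remote Access
    "AC-18":   {"low", "moderate", "high"},   # Wireless Access
    "AU-2":    {"low", "moderate", "high"},   # Event Logging
    "SC-7":    {"low", "moderate", "high"},   # Boundary Protection
    "SC-7(5)": {"moderate", "high"},          # deny by default, allow by exception
    "PE-3":    {"low", "moderate", "high"},   # Physical Access Control
    "PE-3(1)": set(),                          # added only by the overlay below
}

# Constructed overlay (hypothetical, not a published ICS overlay).
OVERLAYS = {"ics-example": {"PE-3(1)"}}


def security_category(info_types):
    """FIPS 199 high-water mark: per objective, the worst impact across all
    information types the system handles. 'na' is permitted only for the
    confidentiality of public information."""
    category = {}
    for objective in OBJECTIVES:
        worst = 0
        for name, impacts in info_types.items():
            level = impacts[objective]
            if level == "na" and objective != "confidentiality":
                raise ValueError(f"{name}: {objective} impact cannot be N/A")
            worst = max(worst, LEVELS[level])
        category[objective] = NAMES[worst]
    return category


def overall_impact(category):
    """FIPS 200: the system impact level is the highest of the three objectives."""
    return NAMES[max(LEVELS[v] for v in category.values())]


def select_baseline(impact):
    """Every catalog control allocated to the chosen baseline."""
    return sorted(cid for cid, baselines in CATALOG.items() if impact in baselines)


def tailor(baseline, overlays=(), not_applicable=None, compensating=None, parameters=None):
    """Bind overlays, scope out controls (with justification), record compensating
    controls and assigned parameters. Returns what the SSP has to document."""
    not_applicable = not_applicable or {}
    compensating = compensating or {}
    controls = {cid: "baseline" for cid in baseline}
    for name in overlays:
        for cid in OVERLAYS[name]:
            controls[cid] = f"overlay:{name}"
    removed = {}
    for cid, justification in not_applicable.items():
        if not justification:
            raise ValueError(f"{cid}: scoping out a control requires a justification")
        if controls.get(cid, "").startswith("overlay:"):
            raise ValueError(f"{cid}: required by an overlay, cannot be scoped out")
        if cid in controls:
            controls.pop(cid)
            removed[cid] = justification
    for cid, measure in compensating.items():
        if cid not in controls:
            raise ValueError(f"{cid}: compensating control for a control not in the set")
        controls[cid] = f"compensated:{measure}"  # original control stays, marked
    return {"controls": controls, "removed": removed, "parameters": dict(parameters or {})}


# Constructed sample system: a web application that also receives plant telemetry.
INFO_TYPES = {
    "public web content": {"confidentiality": "na",       "integrity": "low",      "availability": "low"},
    "customer records":   {"confidentiality": "moderate", "integrity": "moderate", "availability": "low"},
    "plant telemetry":    {"confidentiality": "low",      "integrity": "moderate", "availability": "moderate"},
}


def worked_example():
    """Run the sample system through all three steps."""
    category = security_category(INFO_TYPES)
    impact = overall_impact(category)
    tailored = tailor(
        select_baseline(impact),
        overlays=("ics-example",),
        not_applicable={"AC-18": "no wireless interfaces inside the authorization boundary"},
        compensating={"AC-2(1)": "weekly manual account review; legacy controller cannot automate it"},
        parameters={"AU-2": "authentication, privilege-use and configuration-change events"},
    )
    return category, impact, tailored


if __name__ == "__main__":
    category, impact, tailored = worked_example()
    print("security category:", category, "-> baseline:", impact)
    for cid, status in sorted(tailored["controls"].items()):
        print(f"  {cid:8} {status}")
    print("scoped out:", tailored["removed"])
```

The sample system categorizes as moderate on all three objectives, so the moderate baseline is selected; tailoring then adds the overlay's PE-3(1), removes AC-18 with its recorded justification, and keeps AC-2(1) in the set flagged as compensated rather than silently dropping it, which is what an assessor will look for in the SSP.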

Reducing Risk Through Effective Control Implementation

  • Specifying the implementation approach
    • Maximizing security effectiveness by “building in” security
    • Reducing residual risk in legacy systems via “bolt-on” security elements
  • Applying NIST/ISO controls
    • Enhancing system robustness through selection of evaluated and validated components
    • Coordinating implementation approaches to administrative, operational and technical controls
    • Providing evidence of compliance through supporting artifacts

Assessing Compliance Scope and Depth

  • Developing an assessment plan
    • Prioritizing depth of control assessment
    • Optimizing validation through sequencing and consolidation
    • Verifying compliance through tests, interviews and examinations
  • Formulating an authorization recommendation
    • Evaluating overall system security risk
    • Mitigating residual risks
    • Publishing the Plan of Action and Milestones (POA&M), the risk assessment and recommendation

Authorizing System Operation

  • Aligning authority and responsibility
    • Quantifying organizational risk tolerance
    • Elevating authorization decisions in high-risk scenarios
  • Forming a risk-based decision
    • Appraising system operational impact
    • Weighing residual risk against operational utility
    • Issuing an Authorization to Operate (ATO)

Maintaining Continued Compliance

  • Justifying ongoing authorization
    • Measuring impact of changes on system security posture
    • Executing effective configuration management
    • Performing periodic control reassessment
  • Preserving an acceptable security posture
    • Delivering initial and routine follow-up security awareness training
    • Collecting ongoing security metrics
    • Implementing vulnerability management, incident response and business continuity processes

Encarta Labs Advantage

  • One-stop corporate training solution provider with over 3,500 modules on a variety of subjects
  • All courses are delivered by industry veterans
  • Get jump-started from newbie to production-ready in a matter of days
  • Trained more than 20,000 corporate candidates across India and abroad
  • All our trainings are conducted in workshop mode with a focus on hands-on practice

View our other course offerings by visiting www.encartalabs.com/course-catalogue

Contact us to have this course delivered as a public/open-house workshop for a group of 10+ candidates at our venue.