Fundamentals of Information Security Risk Management
This Lesson looks at the key aspects of risk management, including risk identification, risk mitigation, and risk controls. We look at the ISO frameworks and the processes you can put in place to manage risks within your organisation.
We then move on to how to assess and identify risks. We look at the difference between qualitative and quantitative risk assessments, as well as considering the guidelines set out by NIST. Next we look at the main tenets of risk mitigation, which include risk reduction, risk avoidance, risk transfer, and risk retention, before finally looking at the controls you can put in place to counteract risks.
Learning objectives
- Understand the organisational processes needed to manage risks.
- Learn how to assess and identify risks.
- Learn about risk reduction, risk avoidance, risk transfer, risk retention, and risk controls.
Intended audience
This Lesson is intended for anyone who wants to improve their knowledge of risk management in an information security context.
Prerequisites
We recommend taking this Lesson as part of the IT Security Fundamentals Course.