Learning Outcomes:

• Learn the IT Security relationship between risk, threat, vulnerability, impact, asset, exposure and safeguard.
• Discuss the quantitative way of conducting Risk Analysis.
• Discuss and compute for ALE, SLE, TCO and ROI.
• Discuss the ways in creating risk matrix when doing assessments.
• Discuss the application of qualitative risk management when developing SLA, KPIs and metrics.
• Discuss and demonstrate ways on how to create a business case and how it is defended to the Execom/Mancom for approval.
• Discuss persuasion techniques on how the business case can be approved.

Reference Materials:

• Slide Deck
• E-book
• Online Lecture (Subscribe to get more videos)

Supplementary Articles:

• Performing a Security Risk Assessment
• How to Perform a Cyber Security Risk Assessment
• Cybersecurity Risk Assessment
• 7 steps to a successful ISO 27001 risk assessment

Video Lessons:

• Risk Analysis and Management
• Introduction to Risk Assessment

Case Assignments:

• Australian tech unicorn Canva suffers security breach
• 620 million accounts stolen from 16 hacked websites now for sale on dark web, seller boasts
• Target Hacked: Retailer Confirms ‘Unauthorized Access’ Of Credit Card Data

Assessment:

• Recitation
• Case Analysis