Module 1: Risk Management

Learning Outcomes:

  • Learn the relationship in IT security between risk, threat, vulnerability, impact, asset, exposure and safeguard.
  • Discuss the quantitative approach to risk analysis.
  • Discuss and compute ALE, SLE, TCO and ROI.
  • Discuss ways of creating a risk matrix when doing assessments.
  • Discuss the application of qualitative risk management when developing SLAs, KPIs and metrics.
  • Discuss and demonstrate how to create a business case and how to defend it to the Execom/Mancom for approval.
  • Discuss persuasion techniques for getting the business case approved.

Reference Materials:

Supplementary Articles:

Video Lessons:

Case Assignments:


  • Recitation
  • Case Analysis