Course Details

CISSP: Risk Management

Risk management is an integral part of overall information systems security. In this course, you'll learn about personnel security best practices, risk management concepts, and risk analysis techniques. You'll also be introduced to threat modeling best practices, countermeasure selection, and implementing risk controls. Finally, this course covers risk monitoring and reporting best practices. This course is one of a series in the Skillsoft learning path that covers the objectives for the Certified Information Systems Security Professional (CISSP) exam.

Target Audience
Individuals interested in information systems security concepts, methodologies and best practices; candidates for the Certified Information Systems Security Professional (CISSP) exam


Expected Duration (hours)

Lesson Objectives

CISSP: Risk Management

  • start the course
  • identify best security practices for screening employee candidates
  • identify best security practices for employment agreements and policies
  • identify best security practices for employment termination processes
  • identify best security control practices when partnering with vendors, consultants and contractors
  • identify best practices for establishing personnel security compliance policies
  • identify best practices for implementing personnel security policies
  • identify security threats and vulnerabilities
  • distinguish between qualitative, quantitative, and hybrid risk assessment strategies
  • identify options for assigning and accepting risk
  • select risk countermeasures
  • implement risk countermeasures and controls
  • distinguish between preventive, detective, and corrective risk control types
  • identify best practices for assessing risk controls
  • identify best practices for measuring and monitoring risk
  • specify the purpose of asset valuation in risk analysis
  • identify best practices for reporting risk management activities and findings
  • specify the purpose and best practices of continuous improvement as a result of risk management activities
  • identify appropriate risk frameworks
  • identify threats using threat modeling techniques
  • use threat trees to diagram potential attacks
  • identify best practices when performing a reduction analysis
  • distinguish between different technologies and processes that can be used to remediate threats
  • identify best practices for ensuring risk considerations are applied when outsourcing hardware, software and services
  • recognize third-party assessment and monitoring techniques for risk mitigation
  • identify best practices when establishing minimum security requirements for acquisition activities
  • use an SLA to define appropriate service-level requirements
  • specify appropriate information system training, education and awareness levels for an organization
  • identify best practices for conducting periodic reviews for content relevancy
  • select appropriate techniques for assessing risk and implementing risk remediation options

Course Number: