Executive viewpoint on risk management methodology

Loading...

来自 University System of Georgia 的课程

The Business of Cybersecurity Capstone

24 个评分

University System of Georgia

The Business of Cybersecurity Capstone

24 个评分

课程 4（共 4 门，Specialization Cybersecurity: Developing a Program for Your Business）

This course intends to make the student familiar with information security management. When you have finished with this course you will know more about: • Governance: including the mission, roles and responsibilities of the InfoSec governance function, and the strategic planning process and InfoSec’s role in the organization’s strategic planning effort. • You will understand the various types of InfoSec policies and how effective information security policy is created and used. • Risk management and the risk management process • Certain laws and ethical issues impacting information security in the organization. And some common information security management practices such as benchmarking and performance measures.

从本节课中

Risk Management

This module will define risk management and explore the processes used by organizations to identify and control risk. This will include basic techniques used to identify and assess risk as well as exploration of the risk control strategies that can be used to help control risk. You will also experiment with reading an industry standard risk report that you will summarize and analyze as you assess operational risk for higher management as part of the ongoing case-based project.

The risk identification process4:51

The risk assessment process4:18

Executive viewpoint on risk management methodology2:15

与讲师见面

Dr. Humayun Zafar
Associate Professor of Information Security and Assurance
Information Systems
Dr. Traci Carte
Associate Professor Chair, Information Systems
Information Systems
Herbert J. Mattord, Ph.D., CISM, CISSP, CDP
Associate Professor in Information Security and Assurance
Information Systems
Mr. Andy Green
Lecturer of Information Security and Assurance
Kennesaw State University - Department of Information Systems
Michael Whitman, Ph.D., CISM, CISSP
Professor of Information Security
Information Systems

[SOUND] What risk management methodology do you follow,

and if it is customized for your needs, which of the major

models currently in use does it most closely resemble?

>> The risk management framework we're the most excited about is the NIST cyber

security framework.

It's a national framework that tries to pull together all the different economic

sectors, provide a common vocabulary and taxonomy, so

we can all start talking about risk the same way.

>> The common language does what for you?

What's the- >> What it does, when you think about how

cyber is evolving, we're all interconnected Internet of things,

the super computer that's in your pocket called the smartphone or

banking application or even in most cases the gas pump your interacting with.

Were also smart intelligent devices the whole

economic framework of the country becomes highly interconnected.

All having a common taxonomy let's just go to a power company or a gas company or any

other industry that we may be interacting with and begin with a common vocabulary

that let's us figure out how do we secure transactions, national infrastructure, or

allow client to do anything within they want to do in the internet safely.

>> So it's an interesting perspective though that what we want to do is

speak a common language so

that we can sort of achieve a common goal which is to maintain security but

in reality we have competitors and our businesses have competitors.

To what extent is it better to share and

work in combination with your competitors when it comes to security

versus thinking of security as a competitive advantage.

>> It's probably dangerous to think of security itself as something competitive.

We need to be secure in order to be part of a larger economic ecosystem.

We should never broker safety as something that's different than what it should be.

We shouldn't worry about whether or not one plane is safer than another.

We need all aircraft to be safe that's why the FAA does what they do.

By having a common framework we're less concerned about safety because we're

going to build that into how we interact as members of the digital community.

We need to compete on services not on safety.

[SOUND]

探索我们的目录

免费加入并获得个性化推荐、更新和优惠。

Coursera 致力于普及全世界最好的教育，它与全球一流大学和机构合作提供在线课程。

© 2019 Coursera Inc. 保留所有权利。

通过 App Store 下载

通过 Google Play 获取