Explore
For Enterprise
Join for Free
Log In

University of Michigan
Applications for Michigan’s MPH degree are now open
Apply by May 1, 2020 to earn your master’s degree online from a top-rated program.
University of Pennsylvania
Earn an Ivy League CS Master’s designed for non-CS majors
Register now for Penn Engineering's Tips for Breaking into the Tech Industry webinar.

浏览 Coursera 的全部课程

浏览
顶级课程
企业版
登录
免费加入

The risk assessment process

Loading...

The Business of Cybersecurity Capstone

乔治亚大学系统

4.8（29 个评分） | 324 名学生已注册

课程 4（共 4 门，Cybersecurity: Developing a Program for Your Business 专项课程）

This course intends to make the student familiar with information security management. When you have finished with this course you will know more about: • Governance: including the mission, roles and responsibilities of the InfoSec governance function, and the strategic planning process and InfoSec’s role in the organization’s strategic planning effort. • You will understand the various types of InfoSec policies and how effective information security policy is created and used. • Risk management and the risk management process • Certain laws and ethical issues impacting information security in the organization. And some common information security management practices such as benchmarking and performance measures.

查看授课大纲

审阅

4.8（29 个评分）

5 stars
26 ratings
4 stars
2 ratings
1 star
1 ratings

MT

Sep 25, 2017

Great course. Provides a great hands on insight and experience with Cybersecurity

C

Mar 10, 2017

Great course that provides good insights into the world of CyberSecurity!

从本节课中

Risk Management

This module will define risk management and explore the processes used by organizations to identify and control risk. This will include basic techniques used to identify and assess risk as well as exploration of the risk control strategies that can be used to help control risk. You will also experiment with reading an industry standard risk report that you will summarize and analyze as you assess operational risk for higher management as part of the ongoing case-based project.

The risk identification process4:51

The risk assessment process4:18

Executive viewpoint on risk management methodology2:15

教学方

Dr. Humayun Zafar
Associate Professor of Information Security and Assurance
Dr. Traci Carte
Associate Professor Chair, Information Systems
Herbert J. Mattord, Ph.D., CISM, CISSP, CDP
Associate Professor in Information Security and Assurance
Mr. Andy Green
Lecturer of Information Security and Assurance
Michael Whitman, Ph.D., CISM, CISSP
Professor of Information Security

以免费的价格试听课程

脚本

[SOUND] In order to begin the risk assessment phase, the organization uses the list of information assets it has identified and prioritizes assets and the threats facing them to compare information assets to threats. The resulting list of vulnerabilities are those that remain risks to the organization. This list should be created for each information asset to document its vulnerability to each possible or likely attack. The best way found to do this documentation is the threat vulnerability asset, or TVA, Table. As shown, it would list assets along the x-axis from most to least valuable and lists threats along the y-axis from most to least dangerous. At the intersection of the asset and threat pair, list the vulnerabilities that the threat might use to cause a loss to the asset. Now, we move onto assess the risk that exists in each of the TVA tables. Risk is commonly calculated as the likelihood that a threat to an asset will result in an adverse impact which is then multiplied by the consequences or impact of that attack. [INAUDIBLE] That value is then increased by an estimate of how reliable our values of both likelihood and impact are, known as a confidence interval. Many approaches to assessing likelihood exist. One example of some likelihood ratings on a scale of 0 to 5 is shown here. Likewise, there are many ways to assess impact. Here is an example of some impact ratings on a scale of zero to five. Before the organization can proceed with the final phase of risk management, activities, which is risk control, it needs to understand how much risk is acceptable to management. Some organizations have a very low tolerance for risk. Such as banking and other financial services firms. Other types of organization may tolerate more risk. The amount of risk that remains after all current levels are implemented is known as residual risk. Any organization may reach a point in the risk management process and find that the documented residual risk is low enough to accept being within the bounds of its risk appetite. They would end the current risk management cycle and document everything for the next cycle. Once the organization has assessed the current level of risk facing its information assets and defined its risk appetite, it can move to the final phase of risk management. [SOUND] And that's called Risk Control. In the Risk Control phase, organizations employ one or more of the five strategies of risk control. Defense, which is applying safeguards that eliminate or reduce the remaining uncontrolled risk. Transference, which is shifting risk to other areas or outside entities. Mitigation, which is reducing the impact to information assets should an attacker successful exploit a vulnerability. Acceptance. That's understanding the consequences of choosing to leave a risk uncontrolled and then formally accepting the risk that remains without an attempt at control. And the final is termination. And that's removing or discontinuing the information asset from the organization's operating environment all together. Risk management is an essential process for every organization. There are many formalized models for risk management in the marketplace, and many organizations are using consulting resources to assist them in finding the optimum means to reduce operational risk. [NOISE]

探索我们的目录

免费加入并获得个性化推荐、更新和优惠。

热门在线课程

适用于所有人的人工智能课程
TensorFlow 简介
神经网络与深度学习
算法第 1 部分
算法第 2 部分
机器学习
使用 Python 进行机器学习
使用 SAS Viya 进行机器学习
R 语言程序设计（中文版）
Matlab 编程入门
使用 Python 进行数据分析
AWS 基础知识：走向云原生
Google 云端平台基础知识
网站可靠性工程
英语专业说
幸福科学
选修“如何学习”这门课
金融市场
公共健康领域的假设检验
日常领导基础知识

热门在线专项课程

深度学习
零基础 Python 入门
数据科学
借助 Python 应用数据科学
商务基础
Architecting with Google Cloud Platform
Google 云端平台数据工程
Excel 到 MySQL
高级机器学习
数学在机器学习领域的应用
自动驾驶汽车
企业区块链革命
商业分析
Excel 办公技能
数字化营销
使用 R 进行公共健康领域的统计分析
免疫学基础知识
解剖学
管理创新和设计思维
积极心理学基础知识

在线证书

Google IT 支持
IBM 客户关系专员
IBM 数据科学
应用项目管理
IBM Applied AI 专业证书
用于分析的机器学习
空间数据分析和可视化
建筑工程与管理
教学设计

在线学位课程

数据科学硕士
计算机科学学士学位
计算机科学与工程学位
机器学习硕士
MBA 和商学学位
电气工程硕士
公共健康硕士
信息技术硕士

Coursera

About
Leadership
Careers
Catalog
Certificates
MasterTrack™ Certificates
Degrees
For Enterprise
For Government
For Campus

社区

Learners
Partners
Developers
Beta Testers
Translators
Blog
Tech Blog

更多

Terms
Privacy
Help
Accessibility
Press
Contact
Directory
Affiliates

通过 Google Play 获取

© 2020 Coursera Inc.保留所有权利。