PART OF THE JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES
Revised and updated with the latest data in the field, the Second Edition of Managing Risk in Information Systems provides a comprehensive overview of the SSCP® Risk, Response, and Recovery Domain in addition to providing a thorough overview of risk management and its implications on IT infrastructures and compliance. Written by industry experts, and using a wealth of examples and exercises, this book incorporates hands-on activities to walk the reader through the fundamentals of risk management, strategies and approaches for mitigating risk, and the anatomy of how to create a plan that reduces risk.
- Provides a modern and comprehensive view of information security policies and frameworks
- Examines the technical knowledge and software skills required for policy implementation
- Explores the creation of an effective IT security policy framework
- Discusses the latest governance, regulatory mandates, business drivers, legal considerations, and much more
Ideal for use in Information Security courses or programs.
This title is available with a lab manual that allows students to put their classroom skills to work through numerous laboratory exercises.
|Lab #1:||Identifying Threats and Vulnerabilities in an IT Infrastructure|
|Lab #2:||Aligning Risks, Threats, & Vulnerabilities to the COBIT P09 Risk Management Controls|
|Lab #3:||Defining the Scope and Structure for an IT Risk Management Plan|
|Lab #4:||Performing a Qualitative Risk Assessment for an IT|
|Lab #5:||Identifying Risks, Threats, and Vulnerabilities in an IT Infrastructure Using Zenmap® GUI (Nmap) & Nessus® Reports|
|Lab #6:||Developing a Risk-Mitigation Plan Outline for an IT|
|Lab #7:||Performing a Business Impact Analysis for a Mock IT|
|Lab #8:||Developing an Outline for a Business Continuity Plan for an IT Infrastructure|
|Lab #9:||Developing Disaster Recovery Backup Procedures and Recovery Instructions|
|Lab #10:||Creating a CIRT Response Plan for a Typical IT Infrastructure|
|Part 1: Risk Management Business Challenges|
|Chapter 1:||Risk Management Fundamentals|
|Chapter 2:||Managing Risk: Threats, Vulnerabilities, and Exploits|
|Chapter 3:||Maintaining Compliance|
|Chapter 4:||Developing a Risk Management Plan|
|Part 2: Mitigating Risk|
|Chapter 5:||Defining Risk Assessment Approaches|
|Chapter 6:||Performing a Risk Assessment|
|Chapter 7:||Identifying Assets and Activities to Be Protected|
|Chapter 8:||Identifying and Analyzing Threats, Vulnerabilities, and Exploits|
|Chapter 9:||Identifying and Analyzing Risk Mitigation Security Controls|
|Chapter 10:||Planning Risk Mitigation Throughout the Organization|
|Chapter 11:||Turning Your Risk Assessment into a Risk Mitigation Plan|
|Part 3: Risk Mitigation Plans|
|Chapter 12:||Mitigating Risk with a Business Impact Analysis|
|Chapter 13:||Mitigating Risk with a Business Continuity Plan|
|Chapter 14:||Mitigating Risk with a Disaster Recovery Plan|
|Chapter 15:||Mitigating Risk with a Computer Incident Response Team Plan|
- Explain the basic concepts of and need for risk management.
- Identify compliancy laws, standards, best practices, and policies of risk management.
- Describe the components of an effective organizational risk management program.
- Describe techniques for identifying relevant threats, vulnerabilities, and exploits.
- Identify risk mitigation security controls.
- Describe concepts for implementing risk mitigation throughout an organization.
- Perform a business impact analysis for a provided scenario.
- Create a business continuity plan (BCP) based on the findings of a given risk assessment for an organization.
- Create a disaster recovery plan (DRP) based on the findings of a given risk assessment for an organization.
- Create a Computer Incident Response Team (CIRT) plan for an organization in a given scenario.
Instructor Resources include: