BSIU Course Number: 3432
This course provides a unique, in-depth look at how to manage and reduce IT-associated risks. You will learn about the Systems Security Certified Practitioner (SSCP) risk, response, and recovery domain, in addition to risk management and its implications for IT infrastructures and compliance. Using examples and exercises, this course incorporates hands-on activities related to the fundamentals of risk management and to strategies and approaches for mitigating risk. You will also learn how to create a plan that reduces risk. Additional course assets include case scenarios, handouts, and an eBook (via CourseSmart).
Certification:
This course, written by Darril Gibson, author of the book CompTIA Security+: Get Certified, Get Ahead, covers content within the following industry certification exams:
Certified Information Systems Security Professional (CISSP) – two content domains covered
Security+ – “Compliance and Operational Security” domain covered
Systems Security Certified Practitioner (SSCP) – “Risk, Response, and Recovery” domain covered
National Institute of Standards and Technology (NIST) – “Incident Response” domain covered
8570.01 – “Compliance and Operational Security” domain covered
Learn the:
- Basic concepts of and need for risk management
- Compliance laws, standards, best practices, and policies of risk management
- Components of an effective organizational risk management program
- Techniques for identifying relevant threats, vulnerabilities, and exploits
- Risk mitigation security controls
- Concepts for implementing risk mitigation throughout an organization
- How to perform a business impact analysis for a provided scenario
- How to create a business continuity plan (BCP) based on the findings of a given risk assessment for an organization
- How to create a disaster recovery plan (DRP) based on the findings of a given risk assessment for an organization
- How to create a computer incident response team (CIRT) plan for an organization in a given scenario
This course is recommended for:
Information security analysts
Payroll specialists
IT infrastructure security specialists
People who decide which information technology and cybersecurity products to acquire for their organization
Prerequisites
General knowledge of networking and management information systems
Follow-On Courses
Security Policies and Implementation Issues
Auditing IT Infrastructures for Compliance
Access Control, Authentication, and Public Key Infrastructure
Security Strategies in Windows Platforms and Applications
Network Security, Firewalls, and VPNs
Systems Forensics, Investigation, and Response
Course Outline
- Risk Management Business Challenges
- Mitigating Risk
- Risk Mitigation Plans
Labs
Lab 1: How to Identify Threats and Vulnerabilities in an IT Infrastructure
Lab 2: Align Threats and Vulnerabilities to the COBIT PO9 Risk Management Controls
Lab 3: Define the Scope and Structure of an IT Risk Management Plan
Lab 4: Perform a Qualitative Risk Assessment for an IT Infrastructure
Lab 5: Identify Risks, Threats, and Vulnerabilities in an IT Infrastructure Using Zenmap GUI (Nmap) and Nessus® Reports
Lab 6: Develop a Risk Mitigation Plan Outline for an IT Infrastructure
Lab 7: Perform a Business Impact Analysis for a Mock IT Infrastructure
Lab 8: Develop an Outline for a Business Continuity Plan for an IT Infrastructure
Lab 9: Develop Disaster Recovery Back-up Procedures and Recovery Instructions
Lab 10: Create a CIRT Response Plan for a Typical IT Infrastructure