This course is an introduction to the principles and practices of risk management as they relate to the cyber domain. Topics include an overview of traditional risk management processes, requirements, objectives, and tools. The course also covers the NIST-driven Risk Management Framework (RMF), which the US has adopted as its current national guidance on Cyber Security standards and practices.
Topics that attendees will have explored upon completion of the course include:
- Risk-based approach to security control selection and specification.
- Management of organizational risk: security of a system's components and its impact on the security of the system.
- Principles of unit testing: unit testing tools and techniques as distinguished from system-level testing.
- Supply chain risks: security threats and risks to both hardware and software in component procurement.