While protecting information assets is the primary goal of an information security program, risk management determines the balance between resources, compliance, and security. In this course, Information Security Manager: Information Risk Management, you'll gain a solid foundational knowledge of the risk management aspect of security, as well as skills you can use to effectively manage risk in your organization. First, you'll learn how to classify and assign value to information assets, determine legal and governance requirements for risk management, and quantify the elements of risk. Next, you'll explore how to conduct risk assessments and analysis to determine the amount of risk present. Finally, you'll discover risk response options, how to implement them, measure them, and report on risk. By the end of this course, you'll be well-versed in information risk management and how it affects an information security program.
Bobby E. Rogers is an information security engineer working as a contractor for Department of Defense agencies, helping to secure, certify, and accredit their information systems. His duties include information system security engineering, risk management, and certification and accreditation efforts.
Course Overview

I'm Bobby Rogers, and welcome to the Information Security Manager: Information Risk Management course. I'm a cybersecurity analyst, and I work as a contractor securing information systems for the U.S. government specializing in cyber risk management. Compliance, security, and risk aren't all the same thing. Rather than approach information asset protection from a strict compliance view, risk management requires looking at different changing aspects of security--assets, threats, vulnerabilities, and the likelihood and impact of a negative event. That's why we produced this course that covers implementing information risk management within your organization. We're going to talk about the key things you need to know in order to effectively manage all the aspects of risk within your organization. Some of the major topics that we'll cover include managing information assets, risk governance, risk assessment and analysis, implementing risk response, and managing information security controls. By the end of this course, you'll understand what goes into implementing an information risk management program and how critical it is in protecting assets, ensuring compliance, and saving resources. Before beginning the course, you should be familiar with security concepts and terminology associated with security management, data classification and sensitivity, and requirements for compliance within your organization. Please join me on this journey to learn and understand risk management with the Information Security Manager: Information Risk Management course from Pluralsight.