James Tarala

From Uncertainty to Strategy: A New Course to Master Cybersecurity Risk and Compliance

Introducing the new SANS LDR519: Cybersecurity Risk Management and Compliance course.

June 24, 2024

Introducing the new SANS LDR519: Cybersecurity Risk Management and Compliance course. This advanced course delves into the theories and philosophies of cybersecurity risk management, providing a deep understanding of principles guiding organizational decisions. LDR519 covers cybersecurity threat models, safeguard frameworks, and long-term risk management skills. By combining theoretical knowledge with practical application, LDR519 prepares students to maintain robust defenses and navigate the evolving threat landscape.

My name is James Tarala, and I have been researching, writing content, and teaching for SANS Institute since 2002. In that time, I've taught dozens of different cybersecurity classes and participated in numerous consensus research projects that I hope have contributed to the overall body of cybersecurity knowledge. Writing a SANS course, and definitely writing two SANS courses, is a labor of love, and I want students to know why I took the time to write these classes and why I think they are so crucial to organizations today. Indeed, students can read the course descriptions for each course to understand what is covered in each course, but I wanted students to understand why I wrote them.

In Simon Sinek’s book, Start with Why: How Great Leaders Inspire Everyone to Take Action, he states, "All organizations start with WHY, but only the great ones keep their WHY clear year after year." I am writing this blog post to encourage my students and myself to remember why the principles of cybersecurity risk management are still vital to organizations today and to provide a north star for LDR419 and LDR519 in the future. I hope this post helps us all focus on the importance of this content.

The Importance of Cybersecurity Risk Management

It truly is my belief, and the belief of SANS Institute, that every organization can benefit from performing a cybersecurity risk assessment and engaging in cybersecurity risk management practices. By identifying, assessing, and mitigating potential threats effectively, cybersecurity risk management enables organizations to protect critical assets, maintain stakeholder trust, and ensure operational continuity. This proactive approach empowers professionals to make informed decisions, prioritize resources efficiently, and comply with regulatory standards, ultimately creating a cybersecurity posture that can adapt to the evolving threat environment. In a world where cyber threats are increasingly sophisticated and pervasive, mastering cybersecurity risk management is essential for safeguarding information systems, preserving data integrity, and sustaining organizational resilience against cyber-attacks.

In short, cybersecurity risk management helps organizations create a cybersecurity strategy, which helps ensure an organization’s technology systems continue to operate as intended. This, in turn, helps ensure the organization’s technology systems enable an organization to achieve its mission.

Problem Statement

Effective risk management serves as a guiding light for organizations grappling with the complexities of safeguarding their digital assets. Cybersecurity risk management empowers businesses to navigate the evolving threat landscape with clarity and purpose, ensuring resilience and informed decision-making. Without this information, organizations tend to wander and lose focus. Without this foundation, it is easy for organizations to gravitate towards trendy defenses rather than focusing on the safeguards with the greatest likelihood of helping achieve their goals.

Every week I talk with organizations struggling to maintain a meaningful strategy for cybersecurity. Some of the most common challenges I see organizations facing are:

1. Uncertainty in knowing which cybersecurity safeguards are effective.

Organizations often face the challenge of discerning the efficacy of various cybersecurity measures amidst a myriad of potential threats. By leveraging comprehensive risk management frameworks, businesses can methodically evaluate the effectiveness of safeguards based on objective observations and industry standards, ensuring that resources are allocated to the most impactful security measures, bolstering their defense strategies.

2. Uncertainty regarding how to prioritize cybersecurity safeguards.

Prioritizing cybersecurity safeguards can be a daunting task without a clear understanding of the threat landscape. Cybersecurity risk management provides a structured methodology for assessing risks and ranking threats, and thus safeguards, based on their potential impact and likelihood. This strategic prioritization enables organizations to focus on addressing the most critical threats first, optimizing resource allocation and strengthening their security posture.

3. Uncertainty regarding how to prioritize limited personnel and financial resources.

Limited resources pose a common challenge for organizations in the realm of cybersecurity, necessitating judicious resource allocation. Through effective risk management practices, businesses can identify the most critical areas requiring attention and strategically allocate personnel and financial resources. This targeted approach maximizes the impact of resources, ensuring key cybersecurity initiatives receive the necessary support to mitigate significant risks.

4. Uncertainty about what to measure and communicate to business stakeholders to enhance their decision-making.

Clear communication of cybersecurity risks and measures is imperative for informed decision-making by business stakeholders. Implementing robust risk management frameworks facilitates the identification of key metrics and the development of clear communication strategies. By providing stakeholders with relevant and actionable insights, organizations empower decision-makers to align cybersecurity efforts with business objectives, fostering proactive risk management and strategic decision-making.

SANS LDR419 and LDR519 work together to teach students a foundational understanding of cybersecurity risk management to enable them to solve these challenges and be strategic with their cybersecurity investments.

LDR419: Performing a Cybersecurity Risk Assessment

I wrote the SANS LDR419: Performing a Cybersecurity Risk Assessment course to equip students with practical skills essential for navigating the intricacies of risk assessment. As a 400-level course, it serves as an entry point into the domain of cybersecurity risk assessment, providing students with the introductory knowledge necessary to effectively conduct thorough risk assessments. By immersing participants in the fundamental principles and methodologies of risk assessment, this course empowers individuals to identify, evaluate, and prioritize risks with precision, setting a robust foundation for their journey to understand cybersecurity risk management practices.

This course adopts a practical, step-by-step approach to impart students with the essential hands-on knowledge required to proficiently conduct cybersecurity risk assessments. By meticulously guiding participants through the systematic process of identifying, evaluating, and prioritizing risks, this course equips individuals with the practical skills needed to navigate the intricacies of risk assessments effectively. Through real-world applications and practical exercises, LDR419 ensures students not only grasp theoretical concepts but also gain the confidence and competence necessary to execute comprehensive risk assessments with precision and proficiency, laying a solid foundation for their future endeavors in cybersecurity risk management.

LDR519: Cybersecurity Risk Management and Compliance

The new SANS LDR519: Cybersecurity Risk Management and Compliance course serves as a deeper dive into the theories and philosophies underpinning cybersecurity risk management practices. This advanced course aims to equip students with a profound comprehension of the foundational principles guiding organizational decisions within the cybersecurity domain. By exploring the intricate philosophies behind cybersecurity strategies, LDR519 not only imparts practical skills but also fosters a nuanced understanding of the rationale driving organizational cybersecurity initiatives. This deeper insight empowers students to align their actions with strategic objectives, enabling them to make informed decisions that resonate with the broader goals of their organizations, thus fostering a holistic and thoughtful approach to cybersecurity risk management and compliance.

Specifically, this course provides a comprehensive exploration of cybersecurity threat models, safeguard frameworks, and essential skills for effectively tracking and managing long-term cybersecurity risk. This course goes beyond surface-level discussions to equip students with an in-depth understanding of the intricacies involved in maintaining robust cybersecurity defenses and navigating the evolving threat landscape with resilience. By focusing on the strategic aspects of cybersecurity risk management, LDR519 not only imparts theoretical knowledge but also instills practical skills necessary for sustained cybersecurity preparedness and proactive risk mitigation strategies, ensuring that organizations can adapt and thrive amidst dynamic cybersecurity challenges over time.

In summary, the reason I wrote these classes, first and foremost, was to clarify a subject where I see confusion on a weekly basis. Every week, I work with organizations to help them answer questions related to how they can manage cybersecurity risk. I wanted to take the experiences from my professional life and communicate what I have learned from these experiences to students. Risk management can be a nebulous topic to organizations. Everyone knows it is something they should engage in, but few organizations actually know what that means. I hope this new course provides clarity to students and the practical skills necessary to successfully lead their programs into the future.

Check out James’ SANS profile to see when he’s teaching near you, sign up for the Beta run of LDR519 at SANS Network Security 2024 (at a special discounted price) here, or sign up for a free demo of LDR419 here.

Tags:
  • Cybersecurity Leadership
