homepage
Open menu
Contact Sales
Beta

LDR419: Performing A Cybersecurity Risk Assessment

Register Now
  • Online
12 CPEs

Recent laws are requiring organizations to perform a cybersecurity risk assessment for compliance and audit reasons. However, many organizations do this without a specific strategy, which leads to random defenses, ineffective programs, and financial loss. Understanding the business context for the assessment promotes accurately discerning business risk and protecting accordingly. Go beyond theoretical and academic and truly understand how to perform risk assessments that matter - know what risks to look for in relation to your specific organizational context, how to uncover these risks effectively, and present results to leadership for actionable results. LDR419 teaches students the practical, hands-on skills they need to perform such risk assessments.

Course Authors:
James Tarala
James Tarala
Senior Instructor
What You Will LearnSyllabusPrerequisitesLaptop RequirementsAuthor StatementTraining & Pricing

What You Will Learn

WHAT IS A CYBERSECURITY RISK ASSESSMENT?

A cybersecurity risk assessment is a tool organizations can use to help ensure that appropriate security safeguards are in place that allow technology systems to continue to meet the organization's goals, needs, and regulations.

Every organization should be performing risk assessments as a part of their cybersecurity program. Regular risk assessments allow organizations to create practical strategies for defense and evaluate where there are weaknesses in their cybersecurity program that could keep them from achieving their goals. Most cybersecurity risk courses are theoretical and academic, often leaving students unsure how to do the actual assessment work. This cyber security risk assessment training teaches students the practical, hands-on skills they need to perform risk assessments.

The course uses the Cyber42 leadership simulation game to put students into real-world scenarios that spur discussion and critical thinking of situations that they will encounter at work. Throughout the class students will participate in multiple Cyber42 activities to help them practice what they learn and ensure that they will be able to take these skills immediately back to the office.

BUSINESS TAKEAWAYS

  • Plan for and establish the context for a cybersecurity risk assessment
  • Meet and exceed regulatory requirements
  • Effectively export the results of a risk assessment to key stakeholders
  • Create a strategy for how to respond to identified cybersecurity risks

SKILLS LEARNED

  • Constructing a risk management program
  • Creating a cybersecurity program charter
  • Choosing appropriate cybersecurity safeguards
  • Performing third-party risk assessments
  • Performing a cyber security risk assessment
  • Evaluating cybersecurity documentation
  • Examining the implementation of cybersecurity safeguards
  • Thoroughly reporting risk to business stakeholders
  • Effectively reporting risk to technical stakeholders
  • Productively respond to risks identified during an assessment

HANDS-ON CYBERSECURITY RISK ASSESSMENT TRAINING

Each of the case studies in this course will be based on a fictitious technology company, Initech Systems, and its quest towards maintaining a more mature cybersecurity program. Students will have an opportunity to explore Initech's specific cybersecurity strategies and tactical plans, which are based on real-world examples. To facilitate these case studies, students will use the Cyber42 tabletop simulation game to put students in real-world scenarios that spur discussion and critical thinking of situations that they will encounter at their offices.

  • Evaluating an Organization's Governance Model
  • Evaluating a Cybersecurity Program's Goals to Create a Safeguard Inventory
  • Creating a Comprehensive Risk Assessment Plan for Internal and Third Parties
  • Evaluating a Cybersecurity Policy
  • Evaluating Cybersecurity Technical Safeguards
  • Creating an Executive Risk Briefing
  • Writing a Personal Action Plan

Section 1: Learn the practical, foundational skills necessary to prepare for and plan for performing a risk assessment.

Section 2: Learning the practical skills for how to perform a cybersecurity risk assessment and present risks to leadership.

WHAT YOU WILL RECEIVE

  • Printed and electronic courseware
  • Cybersecurity risk assessment templates, tools, and checklists
  • Access to the Cyber42 security leadership simulation web app
  • MP3 audio files of the complete course lecture
  • Exercise workbook and electronic workbook with detailed step-by-step instructions for case studies covered in class

WHAT COMES NEXT

Syllabus (12 CPEs)

Download PDF
  • Overview

    To effectively perform a risk assessment, cybersecurity professionals need to understand the business context for cybersecurity risk. Ultimately, risk assessments are not performed in a vacuum -- they can only exist in the context of technology and business objectives. Understanding risk requires students to understand a framework for cybersecurity governance and how risk fits into that framework. In other words, before someone can perform a risk assessment, they need to understand how to prepare themselves for a risk assessment and why they are performing a risk assessment. In this section of the course, students will learn the practical, foundational skills necessary to prepare for and plan for performing a risk assessment.

    Exercises
    • Evaluating an Organization's Governance Model
    • Evaluating a Cybersecurity Program's Goals to Create a Safeguard Inventory
    • Creating a Comprehensive Risk Assessment Plan for Internal and Third Parties
    Topics
    • The Business Context for Risk Assessment
    • An Architecture for Governance and Risk
    • The Risk Management Lifecycle
    • Selecting Cybersecurity Safeguards
    • Scoping Internal vs Third-Party Risk Assessments
  • Overview

    In this section of the course, students will learn the step-by-step practical skills to perform a cybersecurity risk assessment. Students will be provided templates, tools, and checklists for performing a cybersecurity risk assessment and taught the skills necessary to use those resources effectively. Through the extensive use of real-world case studies, students will have the opportunity to practice the skills they learn and be able to put them into practice under the guidance of an experienced instructor-mentor. To close the class, students will learn what to do with the results of their assessment and their role in encouraging an organization's stakeholders to take appropriate steps to respond to the risks identified throughout the process.

    Exercises
    • Evaluating a Cybersecurity Policy
    • Evaluating Cybersecurity Technical Safeguards
    • Creating an Executive Risk Briefing
    • Writing a Personal Action Plan
    Topics
    • Risk Assessment Quality
    • Evaluating Cybersecurity Documentation
    • Evaluating Cybersecurity Safeguards
    • Presenting Risk to Stakeholders
    • Risk Remediation & Response

Prerequisites

A basic understanding of information security and information security management topics is helpful for students attending this class. However, a strong background in any of these skills is not a pre-requisite for the class. In the class students will be taught a step-by-step approach for performing a risk assessment regardless of their technical information security or management background.

Laptop Requirements

Important! Bring your own system configured according to these instructions.

A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will not be able to fully participate in hands-on exercises in your course. Therefore, please arrive with a system meeting all the specified requirements.

This is common sense, but back up your system before class. Better yet, use a system without any sensitive/critical data. SANS is not responsible for your system or data.

MANDATORY LDR419 SYSTEM HARDWARE REQUIREMENTS
  • Wireless 802.11 capability: There is no wired Internet access in the classroom.
MANDATORY LDR419 HOST CONFIGURATION AND SOFTWARE REQUIREMENTS
  • Host Operating System: Latest version of Windows 10, Windows 11, or macOS 10.15.x or newer.
  • Fully update your host operating system prior to the class to ensure you have the right drivers and patches installed.
  • Linux hosts are not supported in the classroom due to their numerous variations. If you choose to use Linux as your host, you are solely responsible for configuring it to work with the course materials and/or VMs.
  • Microsoft Office (any version) or OpenOffice installed on your host. Note that you can download Office Trial Software online (free for 30 days).

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

Author Statement

"Every organization needs to be performing risk assessments on a regular basis, no matter what kind of organization it is. We do risk assessments for two main reasons. First, we do risk assessments to figure out what defenses our organizations need to make sure our technology supports our business objectives. Second, we do risk assessments to identify where our organization is not doing the things, we should be doing to defend ourselves and ensure stakeholders understand those gaps.

I wrote this class to give students a practical understanding of how to perform risk assessments of all types. This course starts by teaching students the foundational context of risk and then quickly pivots to cover a specific, step-by-step approach for performing a cyber security risk assessment. Students will leave this class with the knowledge, tools, and templates they need to return to their offices and perform a risk assessment, communicate the results to business stakeholders, and productively respond to identified risks. I hope students will take what they learn and use it to make a difference in their organizations."

-James Tarala

"James clearly has a significant amount of experience in both teaching and conducting evaluations." - Matt P., US Government

Ways to Learn

  • Live Online

The full SANS experience live at home! Get the ultimate in virtual, interactive SANS courses with leading SANS instructors via live stream. Following class, plan to kick back and enjoy a keynote from the couch.

Who Should Attend LDR419?

  • Risk Management Professionals
  • Governance, Risk, Compliance Professionals
  • IT Auditors
  • Directors of Security Compliance
  • Information Assurance Management
  • System Administrators / Engineers

NICE Framework Work Roles:

  • Risk Management (RSK) SP-RSK-001
  • Risk Management (RSK) SP-RSK-002
  • Test and Evaluation (TST) SP-TST-001

See prerequisites

Need to justify a training request to your manager?

Use this justification letter template to share the key details of this training and certification opportunity with your boss.

Download the Letter
Africa/Abidjan
Africa/Accra
Africa/Addis Ababa
Africa/Algiers
Africa/Asmara
Africa/Asmera
Africa/Bamako
Africa/Bangui
Africa/Banjul
Africa/Bissau
Africa/Blantyre
Africa/Brazzaville
Africa/Bujumbura
Africa/Cairo
Africa/Casablanca
Africa/Ceuta
Africa/Conakry
Africa/Dakar
Africa/Dar es Salaam
Africa/Djibouti
Africa/Douala
Africa/El Aaiun
Africa/Freetown
Africa/Gaborone
Africa/Harare
Africa/Johannesburg
Africa/Juba
Africa/Kampala
Africa/Khartoum
Africa/Kigali
Africa/Kinshasa
Africa/Lagos
Africa/Libreville
Africa/Lome
Africa/Luanda
Africa/Lubumbashi
Africa/Lusaka
Africa/Malabo
Africa/Maputo
Africa/Maseru
Africa/Mbabane
Africa/Mogadishu
Africa/Monrovia
Africa/Nairobi
Africa/Ndjamena
Africa/Niamey
Africa/Nouakchott
Africa/Ouagadougou
Africa/Porto-Novo
Africa/Sao Tome
Africa/Timbuktu
Africa/Tripoli
Africa/Tunis
Africa/Windhoek
America/Adak
America/Anchorage
America/Anguilla
America/Antigua
America/Araguaina
America/Argentina/Buenos Aires
America/Argentina/Catamarca
America/Argentina/ComodRivadavia
America/Argentina/Cordoba
America/Argentina/Jujuy
America/Argentina/La Rioja
America/Argentina/Mendoza
America/Argentina/Rio Gallegos
America/Argentina/Salta
America/Argentina/San Juan
America/Argentina/San Luis
America/Argentina/Tucuman
America/Argentina/Ushuaia
America/Aruba
America/Asuncion
America/Atikokan
America/Atka
America/Bahia
America/Bahia Banderas
America/Barbados
America/Belem
America/Belize
America/Blanc-Sablon
America/Boa Vista
America/Bogota
America/Boise
America/Buenos Aires
America/Cambridge Bay
America/Campo Grande
America/Cancun
America/Caracas
America/Catamarca
America/Cayenne
America/Cayman
America/Chicago
America/Chihuahua
America/Coral Harbour
America/Cordoba
America/Costa Rica
America/Creston
America/Cuiaba
America/Curacao
America/Danmarkshavn
America/Dawson
America/Dawson Creek
America/Denver
America/Detroit
America/Dominica
America/Edmonton
America/Eirunepe
America/El Salvador
America/Ensenada
America/Fort Nelson
America/Fort Wayne
America/Fortaleza
America/Glace Bay
America/Godthab
America/Goose Bay
America/Grand Turk
America/Grenada
America/Guadeloupe
America/Guatemala
America/Guayaquil
America/Guyana
America/Halifax
America/Havana
America/Hermosillo
America/Indiana/Indianapolis
America/Indiana/Knox
America/Indiana/Marengo
America/Indiana/Petersburg
America/Indiana/Tell City
America/Indiana/Vevay
America/Indiana/Vincennes
America/Indiana/Winamac
America/Indianapolis
America/Inuvik
America/Iqaluit
America/Jamaica
America/Jujuy
America/Juneau
America/Kentucky/Louisville
America/Kentucky/Monticello
America/Knox IN
America/Kralendijk
America/La Paz
America/Lima
America/Los Angeles
America/Louisville
America/Lower Princes
America/Maceio
America/Managua
America/Manaus
America/Marigot
America/Martinique
America/Matamoros
America/Mazatlan
America/Mendoza
America/Menominee
America/Merida
America/Metlakatla
America/Mexico City
America/Miquelon
America/Moncton
America/Monterrey
America/Montevideo
America/Montreal
America/Montserrat
America/Nassau
America/New York
America/Nipigon
America/Nome
America/Noronha
America/North Dakota/Beulah
America/North Dakota/Center
America/North Dakota/New Salem
America/Nuuk
America/Ojinaga
America/Panama
America/Pangnirtung
America/Paramaribo
America/Phoenix
America/Port-au-Prince
America/Port of Spain
America/Porto Acre
America/Porto Velho
America/Puerto Rico
America/Punta Arenas
America/Rainy River
America/Rankin Inlet
America/Recife
America/Regina
America/Resolute
America/Rio Branco
America/Rosario
America/Santa Isabel
America/Santarem
America/Santiago
America/Santo Domingo
America/Sao Paulo
America/Scoresbysund
America/Shiprock
America/Sitka
America/St Barthelemy
America/St Johns
America/St Kitts
America/St Lucia
America/St Thomas
America/St Vincent
America/Swift Current
America/Tegucigalpa
America/Thule
America/Thunder Bay
America/Tijuana
America/Toronto
America/Tortola
America/Vancouver
America/Virgin
America/Whitehorse
America/Winnipeg
America/Yakutat
America/Yellowknife
Antarctica/Casey
Antarctica/Davis
Antarctica/DumontDUrville
Antarctica/Macquarie
Antarctica/Mawson
Antarctica/McMurdo
Antarctica/Palmer
Antarctica/Rothera
Antarctica/South Pole
Antarctica/Syowa
Antarctica/Troll
Antarctica/Vostok
Arctic/Longyearbyen
Asia/Aden
Asia/Almaty
Asia/Amman
Asia/Anadyr
Asia/Aqtau
Asia/Aqtobe
Asia/Ashgabat
Asia/Ashkhabad
Asia/Atyrau
Asia/Baghdad
Asia/Bahrain
Asia/Baku
Asia/Bangkok
Asia/Barnaul
Asia/Beirut
Asia/Bishkek
Asia/Brunei
Asia/Calcutta
Asia/Chita
Asia/Choibalsan
Asia/Chongqing
Asia/Chungking
Asia/Colombo
Asia/Dacca
Asia/Damascus
Asia/Dhaka
Asia/Dili
Asia/Dubai
Asia/Dushanbe
Asia/Famagusta
Asia/Gaza
Asia/Harbin
Asia/Hebron
Asia/Ho Chi Minh
Asia/Hong Kong
Asia/Hovd
Asia/Irkutsk
Asia/Istanbul
Asia/Jakarta
Asia/Jayapura
Asia/Jerusalem
Asia/Kabul
Asia/Kamchatka
Asia/Karachi
Asia/Kashgar
Asia/Kathmandu
Asia/Katmandu
Asia/Khandyga
Asia/Kolkata
Asia/Krasnoyarsk
Asia/Kuala Lumpur
Asia/Kuching
Asia/Kuwait
Asia/Macao
Asia/Macau
Asia/Magadan
Asia/Makassar
Asia/Manila
Asia/Muscat
Asia/Nicosia
Asia/Novokuznetsk
Asia/Novosibirsk
Asia/Omsk
Asia/Oral
Asia/Phnom Penh
Asia/Pontianak
Asia/Pyongyang
Asia/Qatar
Asia/Qostanay
Asia/Qyzylorda
Asia/Rangoon
Asia/Riyadh
Asia/Saigon
Asia/Sakhalin
Asia/Samarkand
Asia/Seoul
Asia/Shanghai
Asia/Singapore
Asia/Srednekolymsk
Asia/Taipei
Asia/Tashkent
Asia/Tbilisi
Asia/Tehran
Asia/Tel Aviv
Asia/Thimbu
Asia/Thimphu
Asia/Tokyo
Asia/Tomsk
Asia/Ujung Pandang
Asia/Ulaanbaatar
Asia/Ulan Bator
Asia/Urumqi
Asia/Ust-Nera
Asia/Vientiane
Asia/Vladivostok
Asia/Yakutsk
Asia/Yangon
Asia/Yekaterinburg
Asia/Yerevan
Atlantic/Azores
Atlantic/Bermuda
Atlantic/Canary
Atlantic/Cape Verde
Atlantic/Faeroe
Atlantic/Faroe
Atlantic/Jan Mayen
Atlantic/Madeira
Atlantic/Reykjavik
Atlantic/South Georgia
Atlantic/St Helena
Atlantic/Stanley
Australia/ACT
Australia/Adelaide
Australia/Brisbane
Australia/Broken Hill
Australia/Canberra
Australia/Currie
Australia/Darwin
Australia/Eucla
Australia/Hobart
Australia/LHI
Australia/Lindeman
Australia/Lord Howe
Australia/Melbourne
Australia/NSW
Australia/North
Australia/Perth
Australia/Queensland
Australia/South
Australia/Sydney
Australia/Tasmania
Australia/Victoria
Australia/West
Australia/Yancowinna
Brazil/Acre
Brazil/DeNoronha
Brazil/East
Brazil/West
CET
CST6CDT
Canada/Atlantic
Canada/Central
Canada/Eastern
Canada/Mountain
Canada/Newfoundland
Canada/Pacific
Canada/Saskatchewan
Canada/Yukon
Chile/Continental
Chile/EasterIsland
Cuba
EET
EST
EST5EDT
Egypt
Eire
Etc/GMT
Etc/GMT+0
Etc/GMT+1
Etc/GMT+10
Etc/GMT+11
Etc/GMT+12
Etc/GMT+2
Etc/GMT+3
Etc/GMT+4
Etc/GMT+5
Etc/GMT+6
Etc/GMT+7
Etc/GMT+8
Etc/GMT+9
Etc/GMT-0
Etc/GMT-1
Etc/GMT-10
Etc/GMT-11
Etc/GMT-12
Etc/GMT-13
Etc/GMT-14
Etc/GMT-2
Etc/GMT-3
Etc/GMT-4
Etc/GMT-5
Etc/GMT-6
Etc/GMT-7
Etc/GMT-8
Etc/GMT-9
Etc/GMT0
Etc/Greenwich
Etc/UCT
Etc/UTC
Etc/Universal
Etc/Zulu
Europe/Amsterdam
Europe/Andorra
Europe/Astrakhan
Europe/Athens
Europe/Belfast
Europe/Belgrade
Europe/Berlin
Europe/Bratislava
Europe/Brussels
Europe/Bucharest
Europe/Budapest
Europe/Busingen
Europe/Chisinau
Europe/Copenhagen
Europe/Dublin
Europe/Gibraltar
Europe/Guernsey
Europe/Helsinki
Europe/Isle of Man
Europe/Istanbul
Europe/Jersey
Europe/Kaliningrad
Europe/Kiev
Europe/Kirov
Europe/Lisbon
Europe/Ljubljana
Europe/London
Europe/Luxembourg
Europe/Madrid
Europe/Malta
Europe/Mariehamn
Europe/Minsk
Europe/Monaco
Europe/Moscow
Europe/Nicosia
Europe/Oslo
Europe/Paris
Europe/Podgorica
Europe/Prague
Europe/Riga
Europe/Rome
Europe/Samara
Europe/San Marino
Europe/Sarajevo
Europe/Saratov
Europe/Simferopol
Europe/Skopje
Europe/Sofia
Europe/Stockholm
Europe/Tallinn
Europe/Tirane
Europe/Tiraspol
Europe/Ulyanovsk
Europe/Uzhgorod
Europe/Vaduz
Europe/Vatican
Europe/Vienna
Europe/Vilnius
Europe/Volgograd
Europe/Warsaw
Europe/Zagreb
Europe/Zaporozhye
Europe/Zurich
GB
GB-Eire
GMT
GMT+0
GMT-0
GMT0
Greenwich
HST
Hongkong
Iceland
Indian/Antananarivo
Indian/Chagos
Indian/Christmas
Indian/Cocos
Indian/Comoro
Indian/Kerguelen
Indian/Mahe
Indian/Maldives
Indian/Mauritius
Indian/Mayotte
Indian/Reunion
Iran
Israel
Jamaica
Japan
Kwajalein
Libya
MET
MST
MST7MDT
Mexico/BajaNorte
Mexico/BajaSur
Mexico/General
NZ
NZ-CHAT
Navajo
PRC
PST8PDT
Pacific/Apia
Pacific/Auckland
Pacific/Bougainville
Pacific/Chatham
Pacific/Chuuk
Pacific/Easter
Pacific/Efate
Pacific/Enderbury
Pacific/Fakaofo
Pacific/Fiji
Pacific/Funafuti
Pacific/Galapagos
Pacific/Gambier
Pacific/Guadalcanal
Pacific/Guam
Pacific/Honolulu
Pacific/Johnston
Pacific/Kiritimati
Pacific/Kosrae
Pacific/Kwajalein
Pacific/Majuro
Pacific/Marquesas
Pacific/Midway
Pacific/Nauru
Pacific/Niue
Pacific/Norfolk
Pacific/Noumea
Pacific/Pago Pago
Pacific/Palau
Pacific/Pitcairn
Pacific/Pohnpei
Pacific/Ponape
Pacific/Port Moresby
Pacific/Rarotonga
Pacific/Saipan
Pacific/Samoa
Pacific/Tahiti
Pacific/Tarawa
Pacific/Tongatapu
Pacific/Truk
Pacific/Wake
Pacific/Wallis
Pacific/Yap
Poland
Portugal
ROC
ROK
Singapore
Turkey
UCT
US/Alaska
US/Aleutian
US/Arizona
US/Central
US/East-Indiana
US/Eastern
US/Hawaii
US/Indiana-Starke
US/Michigan
US/Mountain
US/Pacific
US/Samoa
UTC
Universal
W-SU
WET
Zulu
Filters:
Training Formats
    Location
    Dates

    Register for LDR419

    Loading...