LDR419: Performing A Cybersecurity Risk Assessment

  • In Person (2 days)
  • Online
12 CPEs

Recent laws require organizations to perform a cybersecurity risk assessment for compliance and audit reasons. However, many organizations do this without a specific strategy, which leads to random defenses, ineffective programs, and financial loss. In this introduction to cybersecurity risk assessments, understanding the business context for the assessment is what allows an assessor to accurately discern business risk and protect against it accordingly. Go beyond the theoretical and academic and truly understand how to properly prepare for and perform risk assessments that matter: know what risks to look for in relation to your specific organizational context, how to uncover those risks effectively, and how to present results to leadership so that they lead to action. LDR419 teaches students the foundational knowledge and practical, hands-on skills they need to perform such risk assessments.

What You Will Learn

Every organization should be performing risk assessments as a part of their cybersecurity program. Regular risk assessments allow organizations to create practical strategies for defense and evaluate where there are weaknesses in their cybersecurity program that could keep them from achieving their goals. Most cybersecurity risk courses are theoretical and academic, often leaving students unsure how to prepare for and do the actual assessment work. This cyber security risk assessment training teaches students the foundational knowledge and practical, hands-on skills they need to perform risk assessments.

The course uses the Cyber42 leadership simulation game to put students into real-world scenarios that spur discussion and critical thinking of situations that they will encounter at work. Throughout the class students will participate in multiple Cyber42 activities to help them practice what they learn and ensure that they will be able to take these skills immediately back to the office.

BUSINESS TAKEAWAYS

  • Establish the business case for a cyber security risk assessment
  • Prepare for a risk assessment that matters to the business
  • Meet and exceed regulatory requirements
  • Effectively report the results of a risk assessment to key stakeholders
  • Create a strategy for how to respond to identified cybersecurity risks

SKILLS LEARNED

  • Understanding the business context for a risk management program
  • Creating a cybersecurity program charter
  • Understanding foundational elements of risk
  • Choosing appropriate cybersecurity safeguards
  • Performing third-party risk assessments
  • Performing a cyber security risk assessment
  • Evaluating cybersecurity documentation
  • Examining the implementation of cybersecurity safeguards
  • Thoroughly reporting risk to business stakeholders
  • Effectively reporting risk to technical stakeholders
  • Productively responding to risks identified during an assessment

HANDS-ON CYBERSECURITY RISK ASSESSMENT TRAINING

Each of the case studies in this course is based on a fictitious technology company, Initech Systems, and its quest to maintain a more mature cybersecurity program. Students will have an opportunity to explore Initech's specific cybersecurity strategies and tactical plans, which are based on real-world examples. To facilitate these case studies, students will use the Cyber42 tabletop simulation game, which puts them in real-world scenarios that spur discussion and critical thinking about situations they will encounter at their offices.

  • Evaluating an Organization's Governance Model
  • Evaluating a Cybersecurity Program's Goals to Create a Safeguard Inventory
  • Creating a Comprehensive Risk Assessment Plan for Internal and Third Parties
  • Evaluating a Cybersecurity Policy
  • Evaluating Cybersecurity Technical Safeguards
  • Creating an Executive Risk Briefing
  • Writing a Personal Action Plan

Section 1: Learn the practical, foundational skills necessary to prepare for and plan for performing a risk assessment.

Section 2: Learn the practical skills for how to perform a cybersecurity risk assessment and present risks to leadership.

“The Cyber42 exercises were a great way to demonstrate the realistic circumstance of having to weigh imperfect options against each other and make the best of what we have.” – Stephanie Martin, Federal Reserve Bank of Richmond

“I really enjoyed the Cyber42 lab - it made me think critically about differing options and how there is more than one path to take to achieve good outcomes.” – Caitlin Sawyer, John Deere

“Love the interaction and required thought one has to put into Cyber42 to make it worthwhile.” – Kevin Solway, County of Marinette

WHAT YOU WILL RECEIVE

  • Printed and electronic courseware
  • Cybersecurity risk assessment templates, tools, and checklists
  • Access to the Cyber42 security leadership simulation web app
  • MP3 audio files of the complete course lecture
  • Exercise workbook and electronic workbook with detailed step-by-step instructions for case studies covered in class

Syllabus (12 CPEs)

  • Section 1 Overview

    To effectively perform a risk assessment, cybersecurity professionals need to understand the business context for cybersecurity risk. Ultimately, risk assessments are not performed in a vacuum -- they can only exist in the context of technology and business objectives. Understanding risk requires students to understand a framework for cybersecurity governance and how risk fits into that framework. In other words, before someone can perform a risk assessment, they need to understand how to prepare themselves for a risk assessment and why they are performing a risk assessment. In this section of the course, students will learn the practical, foundational skills necessary to prepare for and plan for performing a risk assessment.

    Exercises
    • Evaluating an Organization's Governance Model
    • Evaluating a Cybersecurity Program's Goals to Create a Safeguard Inventory
    • Creating a Comprehensive Risk Assessment Plan for Internal and Third Parties
    Topics
    • The Business Context for Risk Assessment
    • An Architecture for Governance and Risk
    • The Risk Management Lifecycle
    • Selecting Cybersecurity Safeguards
    • Scoping Internal vs Third-Party Risk Assessments
  • Section 2 Overview

    In this section of the course, students will learn the step-by-step practical skills to perform a cybersecurity risk assessment. Students will be provided templates, tools, and checklists for performing a cybersecurity risk assessment and taught the skills necessary to use those resources effectively. Through the extensive use of real-world case studies, students will have the opportunity to practice the skills they learn under the guidance of an experienced instructor-mentor. To close the class, students will learn what to do with the results of their assessment and their role in encouraging an organization's stakeholders to take appropriate steps to respond to the risks identified throughout the process.

    Exercises
    • Evaluating a Cybersecurity Policy
    • Evaluating Cybersecurity Technical Safeguards
    • Creating an Executive Risk Briefing
    • Writing a Personal Action Plan
    Topics
    • Risk Assessment Quality
    • Evaluating Cybersecurity Documentation
    • Evaluating Cybersecurity Safeguards
    • Presenting Risk to Stakeholders
    • Risk Remediation & Response

Prerequisites

A basic understanding of information security and information security management topics is helpful for students attending this class. However, a strong background in any of these areas is not a prerequisite for the class. In the class, students will be taught a step-by-step approach for performing a risk assessment regardless of their technical information security or management background.

Laptop Requirements

Important! Bring your own system configured according to these instructions.

A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will not be able to fully participate in hands-on exercises in your course. Therefore, please arrive with a system meeting all the specified requirements.

This is common sense, but back up your system before class. Better yet, use a system without any sensitive/critical data. SANS is not responsible for your system or data.

MANDATORY LDR419 SYSTEM REQUIREMENTS
  • Processor: 64-bit Intel i5/i7 (8th generation or newer) or AMD equivalent, running at 2.0 GHz or faster; an x64 processor of this class is mandatory. Apple Mac systems using the M1/M2 processor are also acceptable.
  • Memory: 8GB of RAM or more is required.
  • Free Disk Space: 20GB of free storage space or more is required.
  • Wireless 802.11 capability: There is no wired Internet access in the classroom.
  • USB-A read / write capability: This is recommended in case students need to exchange large files during class. At least one available USB 3.0 Type-A port. A Type-C to Type-A adapter may be necessary for newer laptops. Some endpoint protection software prevents the use of USB devices, so test your system with a USB drive before class.
  • Host Operating System: Latest version of Windows 10, Windows 11, or macOS 10.15.x or newer. Fully patch your host operating system prior to the course to ensure you have the right drivers and patches installed.
  • Local Administrator Rights: Local Administrator Access is required. (Yes, this is absolutely required. Don't let your IT team tell you otherwise.) If your company will not permit this access for the duration of the course, then you should make arrangements to bring a different laptop.
  • Endpoint Protection Software: You should ensure that antivirus or endpoint protection software is disabled, fully removed, or that you have the administrative privileges to do so. Many of our courses require full administrative access to the operating system and these products can prevent you from accomplishing the labs.
  • Operating System Updates: Fully update your host operating system prior to the class to ensure you have the right drivers and patches installed.
  • Linux Workstations: Linux hosts are not supported in the classroom due to their numerous variations. If you choose to use Linux as your host, you are solely responsible for configuring it to work with the course materials.
  • Microsoft Office: Microsoft Office (any currently supported version) installed on your host. Note that you can download Office Trial Software online (free for 30 days). Open Office is NOT supported for this course.
  • Web Browser: A web browser you feel comfortable using during class. Microsoft Edge, Google Chrome, and Mozilla Firefox will all be supported in class. If you choose to use a different browser on your host, you are solely responsible for configuring it to work with the course materials.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

Author Statement

"Every organization needs to be performing risk assessments on a regular basis, no matter what kind of organization it is. We do risk assessments for two main reasons. First, we do risk assessments to figure out what defenses our organizations need to make sure our technology supports our business objectives. Second, we do risk assessments to identify where our organization is not doing the things we should be doing to defend ourselves, and to ensure stakeholders understand those gaps.

I wrote this class to give students a practical understanding of how to perform risk assessments of all types. This course starts by teaching students the foundational context of risk and then quickly pivots to cover a specific, step-by-step approach for performing a cyber security risk assessment. Students will leave this class with the knowledge, tools, and templates they need to return to their offices and perform a risk assessment, communicate the results to business stakeholders, and productively respond to identified risks. I hope students will take what they learn and use it to make a difference in their organizations."

-James Tarala

“James is top notch. He brings so much expertise and is precise with clarifying when something doesn't make sense. By far my favorite SANS instructor!” – Caitlin Sawyer, John Deere

Reviews

“The content is very relevant and can be directly applied to my work. It helped me get an overview on risk management frameworks before diving into how we do a risk assessment.” – Sammie Pless, Premera

“Anyone looking to change careers [into cybersecurity] would be able to get their sea legs under them with the instruction provided.” – Umar Brown, USPS

“Good information that can be used in the real world. Not just book knowledge and theory. The right mix on foundational items and how they apply in the real world.” – Kevin Solway, County of Marinette