Ending Soon: Get a MacBook Air or Surface Pro 7 with 5 or 6 Day Training - Best Offers of the Year!

Stay Sharp: Europe March 2021 - Live Online

Virtual, Central European Time | Mon, Mar 15 - Thu, Mar 25, 2021

MGT415: A Practical Introduction to Cyber Security Risk Management

Mon, March 22 - Thu, March 25, 2021

Course Syllabus  ·  12 CPEs  ·   Lab Requirements
Instructor: G. Mark Hardy  ·  Price: 2,615 EUR

In this course students will learn the practical skills necessary to perform regular risk assessments for their organizations. The ability to perform risk management is crucial for organizations hoping to defend their systems. There are simply too many threats, too many potential vulnerabilities that could exist, and simply not enough resources to create an impregnable security infrastructure. Therefore every organization, whether they do so in an organized manner or not, will make priority decision on how best to defend their valuable data assets. Risk management should be the foundational tool used to facilitate thoughtful and purposeful defense strategies.

HANDS-ON TRAINING:

  • Lab 1 - Performing a Simple Risk Assessment
  • Lab 2 - Risk Assessment Case Study
  • Lab 3 - Formal Risk Assessment Tools
  • Lab 4 - Formal Risk Management Tools
  • Lab 5 - Log Parsing to Identify Risks
  • Lab 6 - Using a LiteGRC Risk Management Tool

YOU WILL LEARN:

  • Students will learn step by step how to perform a risk assessment.
  • Students will learn how to map an organization's business requirements to implemented security controls.
  • Students will learn the elements of risk assessment and the data necessary for performing an effective risk assessment.
  • Students will learn about what in depth risk management models exist for implementing a deeper risk management program in their organization.

YOU WILL BE ABLE TO:

  • Perform a complete risk assessment
  • Inventory an organization's most critical information assets
  • Assign a data owner and custodian to an information asset
  • Assign classification values to critical information assets
  • Prioritize risk remediation efforts as a result of performing a risk assessment
  • Evaluate risk management models for use in their own organization

WHAT YOU WILL RECEIVE:

  • Electronic Courseware for learning how to perform risk management
  • A unique course spreadsheet tool for performing risk management
  • Open source tools for performing risk management
  • MP3 audio files of the complete course lecture

OTHER COURSES PEOPLE HAVE TAKEN:

Course Syllabus

CPE/CMU Credits: 6

Topics
  • Understanding Risk
  • Control Focused Risk Assessment
  • How to Perform a Simple Risk Assessment
  • Risk Assessment Case Study

CPE/CMU Credits: 6

Topics
  • Formal Risk Management Models and Tools
  • Event Focused Risk Management
  • Risk Management Case Study
  • Risk Management Software
  • Risk Remediation & Response
Schedule
Date Time Instructor
Mon Mar 22nd, 20211:00 PM - 5:00 PM CET
G. Mark Hardy
Tue Mar 23rd, 20211:00 PM - 5:00 PM CET
G. Mark Hardy
Wed Mar 24th, 20211:00 PM - 5:00 PM CET
G. Mark Hardy
Thu Mar 25th, 20211:00 PM - 5:00 PM CET
G. Mark Hardy

Additional Information

Important! Bring your own system configured according to these instructions!

We ask that you do 5 things to prepare prior to class start. This early preparation will allow you to get the most out of your training. One of those five steps is ensuring that you bring a properly configured system to class. This document details the required system hardware and software configuration for your class. You can also watch a series of short videos on these topics at the following web link https://sansurl.com/sans-setup-videos.

A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. Therefore, we strongly urge you to arrive with a system meeting all the requirements specified for the course.

Students need to bring a computer to class with Microsoft Office 2016 (or later) installed on it. The ability to open Microsoft Excel files is a must. Students may choose to bring a computer with another spreadsheet program installed on it, however the tools provided in class have only been thoroughly tested with Microsoft Office products, and certain functionality in the tools will not work properly with other spreadsheet programs. Therefore, it is highly recommended that students bring a copy of Microsoft Office 2016 or later installed on their machine.

Also, students will need to download sample tools or resources as a part of the classroom activities. Internet access will be provided in the classroom to access these resources using a dedicated wireless network. Therefore, student laptops should come capable of accessing wireless networks and students should have the ability to configure all wireless network settings on their machine.

Our hope is that by following these simple instructions you will be able to make the most of your classroom experience.

If you have additional questions about the laptop specifications, please contact√¬†laptop_prep@sans.org.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

  • Any security engineers, compliance directors, managers, auditors
  • Auditors
  • Directors of security compliance
  • Information assurance management
  • System administrators

"I learned tons of great information, which will fill in the gaps for me in understanding how we have organized our Risk Management practice at my place of employment." - Bree Cooper, Comerica

A basic understanding of information security and information security management topics is helpful for students attending this class. However, a strong background in any of these skills is not a pre-requisite for the class. In the class students will be taught a step by step approach for performing a risk assessment regardless of their technical information security or management background.

"You come away with a framework for action that you can take back to help your organization to deal with risk." - James Voorhees, Sage Management

Author Statement

"Most every time we talk with an organization, whether that be a private company or a government agency, we meet people who want to use risk assessment as a tool, but are not actually using it as they could. No organization has enough resources to do everything they would like to defend themselves. At some point a priority decision has to be made. We either make those decisions individually based on whatever need seems to be the most pressing in from of us today, or we take a methodical approach, getting as much input from the business as possible. Risk management is the tool we have available for taking the methodical path.

This course has been written with practicality and usability in mind. Risk models and learning ALE to pass a certification test is fine. But to defend our systems, we need practical skills in risk assessment. This course will teach students the hands-on skills necessary to immediately start using risk assessment as a tool to defend their organization."

- James Tarala & Kelli Tarala

"James was great! Very informative, clear and concise." - Sean O'Connor, Secureworks