4.5 Develop an Incident Response Plan, Business Continuity Plan, or

AKYLADE Cyber Risk Management Foundations (A/CRMF)

INTRODUCTION

0.1 Course Trailer: The REAL Value of GRC and Why It's Never Boring (2:16)
0.2 Course Overview: Building Risk Management Skills that Open Doors (5:54)
0.3 Risk is the Heart and Center of GRC -⭐ ft. Dr. Gerald Auger (61:30)
0.4 Cover Your Asse(t)s! Due Diligence and Due Care -⭐ ft. Dr. Gerald Auger (6:17)
0.5 Your Opportunity to Network in Simply Cyber Discord (1:36)
0.6 Resume Bullets Unlocked

DOMAIN 1: Risk Management Concepts | 1.1 Risk Management Lifecycles, Frameworks and Processes

Module Summary
1.1.0 Introduction -⭐ ft. Dr. Gerald Auger (4:30)
1.1.1 Risk Management Lifecycle (7:05)
1.1.2 Who's Using What Framework? (3:38)
1.1.3 Risk Management Process (NIST SP 800-39) (5:42)
1.1.4 Risk Management Framework (NIST SP 800-37) Part 1 (9:02)
1.1.5 Risk Management Framework Part 2: Authority to Operate -⭐ ft. Dr. Gerald Auger (2:44)
1.1.6 ISO/IEC 27001 (2:57)
1.1.7 Case Study: 300 Drinking Water Systems Exposed to Attacks -⭐ ft. Dr. Gerald Auger (9:58)
1.1.8 Key Takeaways (2:02)
Quiz

DOMAIN 1: Risk Management Concepts | 1.2 Explain the types of risk and risk responses which can be utilized by an organization

Module Summary
1.2.0 Introduction -⭐ ft. Dr. Gerald Auger (2:57)
1.2.1 Risk Responses (19:12)
1.2.2 Types of Risk (6:48)
1.2.3 Unpacking Cyber Risk (7:20)
1.2.4 Risk Registers (8:43)
Quiz

DOMAIN 1: Risk Management Concepts | 1.3 Given a scenario, conduct a qualitative, quantitative, or hybrid risk analysis

Module Summary
1.3.0 Introduction -⭐ ft. Dr. Gerald Auger (6:23)
1.3.1 Hybrid Risk Analysis -⭐ ft. Richard Seiersen (5:03)
1.3.2 Qualitative Risk Analysis Concepts (5:50)
1.3.3 Qualitative Risk Analysis Techniques (16:00)
1.3.4 Cyber Risk Quantification (CRQ) Introduction: SLE, ALE, ARO -⭐ ft. Richard Seiersen (13:17)
1.3.5 Loss Distribution Approach (LDA) (7:08)
1.3.6 Executive Metrics: Value At Risk (VaR), Conditional Value at Risk (CVaR) (5:16)
1.3.7 Factor Analysis of Information Risk (FAIR) (6:29)
Quiz

DOMAIN 1: Risk Management Concepts | 1.4 Explain the importance of training and awareness programs to mitigate risk within an organization

Module Summary
1.4.0 Introduction -⭐ ft. Dr. Gerald Auger (6:43)
1.4.1 Training and Awareness Programs Part 1 w/ Example End User Training (14:53)
1.4.2 Training and Awareness Part 2 w/ Phishing Campaign Results Executive Briefing (5:08)
1.4.3 Secure Software Development Lifecycle (SDLC) Training: Underneath the Waterline (14:14)
Quiz

DOMAIN 2: Risk Strategy and Governance | 2.1 Given a scenario, explain how common threats and vulnerabilities may affect an organization’s risk posture

Module Summary
2.1.0 Introduction (1:10)
2.1.1 New Mirai botnet infect TBK DVR devices via command injection flaw -⭐ ft. Dr. Gerald Auger in DCTB (6:29)
2.1.2 StealC malware enhanced with stealth upgrades and data theft tools -⭐ ft. Dr. Gerald Auger in DCTB (6:03)
2.1.3 Alleged 'Scattered Spider' Member Extradited to U.S. -⭐ ft. Dr. Gerald Auger in DCTB (7:00)
2.1.4 Russian army targeted by new Android malware hidden in mapping app -⭐ ft. Dr. Gerald Auger in DCTB (9:16)
2.1.5 Thailand cuts power supply to Myanmar scam hubs. -⭐ ft. Dr. Gerald Auger in DCTB (6:44)
2.1.6 Despite ransom payment, PowerSchool hacker now extorting individual school districts -⭐ ft. Dr. Gerald Auger in DCTB (5:42)
Quiz

DOMAIN 2: Risk Strategy and Governance | 2.2 Given a scenario, identify assumptions that affect how risk is assessed, responded to, and monitored within the organization

Module Summary
2.2.1 Business Impact Analysis (BIA) (11:33)
2.2.2 Financial Analysis: Total Cost of Ownership (TCO) (4:18)
2.2.3 Return on Investment (ROI) (2:06)
2.2.4 Return On Assets (ROA) (3:16)
2.2.5 Net Present Value (NPV), Internal Rate of Return (IRR) (3:50)
2.2.6 Cost Benefit Analysis (CBA) and Payback Period (2:12)
Quiz

DOMAIN 2: Risk Strategy and Governance | 2.3 Summarize constraints on the conduct of risk assessment, risk response, and risk monitoring activities within the organization

Module Summary
2.3.0 Introduction -⭐ ft. Dr. Gerald Auger (7:21)
2.3.1 Constraints on the conduct of risk assessment, risk response and risk monitoring (13:20)
Quiz

DOMAIN 2: Risk Strategy and Governance | 2.4 Given a scenario, identify the level of risk tolerance for an organization

Module Summary
2.4.1 Ceilings and Floors: Understanding Risk Appetite and Tolerance (12:10)
2.4.2 Governance: Risk Profiles and Aggregation (3:45)
2.4.3 Understanding Risk Culture (9:21)
Quiz

DOMAIN 2: Risk Strategy and Governance | 2.5 Given a scenario, consider the priorities and trade-offs considered by an organization when managing risk

Module Summary
2.5 Priorities and Trade-Offs when Managing Risk (7:13)

DOMAIN 2: Risk Strategy and Governance | 2.6 Explain how a comprehensive organizational risk management strategy is developed

Module Summary
2.6 Comprehensive Risk Management Strategy -⭐ ft. Richard Seiersen (10:35)

DOMAIN 3: Risk Identification and Analysis | 3.1 Given a scenario, identify threats and vulnerabilities in organizational information systems and the environments in which they operate

Module Summary
3.1.0 Introduction -⭐ ft. Dr. Gerald Auger (9:14)
3.1.1 Threat Modeling -⭐ ft. Dr. Gerald Auger (10:55)
3.1.2 MITRE ATT&CK Framework (10:17)
3.1.3 STRIDE (4:13)
3.1.4 AI Augmented STRIDE Risk Assessment (3:02)
3.1.5 PASTA (4:14)
3.1.6 OCTAVE (5:35)
3.1.7 Attack Trees (7:23)
3.1.8 Analyzing Network Traffic (4:57)
3.1.9 Analyzing Security Log Data -⭐ ft. Dr. Gerald Auger (18:02)
3.1.10 Policy Review (6:11)
3.1.11 Identify Operational Technology (OT) and Information Technology (IT) Interconnections (7:18)
Quiz

DOMAIN 3: Risk Identification and Analysis | 3.2 Given a scenario, determine the risk to organizational operations, assets, and personnel when a threat exploits a vulnerability

Module Summary
3.2.0 What You Need to Know About CVE, CVSS, EPSS and Beyond -⭐ ft. Dr. Gerald Auger (10:49)
3.2.1 GRC Engineering: DevSecOps, CI/CD Pipelines (13:29)
Quiz

DOMAIN 3: Risk Identification and Analysis | 3.3 Summarize the use of vulnerability assessment and penetration testing to validate the potential threats against known vulnerabilities

Module Summary
3.3.0 Introduction -⭐ ft. Dr. Gerald Auger (7:28)
3.3.1 Vulnerability Scanners, Network Analyzers, and Automated Exploitation Toolsets (6:55)
3.3.2 Web Application Scanners - ZAP (7:29)
3.3.3 Configuration Management Toolsets - AWS Config (6:36)
3.3.4 Social Engineering and Phishing (10:56)
3.3.5 Manual Code Reviews (3:43)
3.3.6 Custom Exploit Development (11:07)
3.3.7 Physical Security Testing (8:59)

DOMAIN 3: Risk Identification and Analysis | 3.4 Given a scenario, analyze and prioritize security risks based on their likelihood of occurrence and impact to the organization’s operations

Module Summary
3.4.0 Introduction -⭐ ft. Dr. Gerald Auger (3:37)
3.4.1 Enterprise Networks and Defense in Depth of Controls (4:53)
3.4.2 Mobile Device Risk Management (BYOD, CYOD, COPE, COBO) (11:04)
3.4.3 IoT, OT, ICS, SCADA (12:53)
3.4.4 Remote Access Technologies (9:13)
3.4.5 Cloud Computing (8:11)
3.4.6 Single Vendor Cloud Environments -⭐ ft. Dr. Gerald Auger in DCTB (5:07)
3.4.7 Multi Cloud Environments -⭐ ft. Dr. Gerald Auger in DCTB (8:58)
3.4.8 Virtualized and Containerized Systems (4:42)

DOMAIN 3: Risk Identification and Analysis | 3.5 Given a scenario, conduct assessments for new and existing systems

Module Summary
3.5.0 Introduction -⭐ ft. Dr. Gerald Auger (3:52)
3.5.1 Asset Inventory Assessment (14:32)
3.5.2 Privacy Impact Assessment (PIA) (7:53)
3.5.3 Security Risk Assessment (16:03)
3.5.4 Physical Security Assessment (8:47)
3.5.5 OT Risk Assessment (8:01)
3.5.6 Cloud Migration Assessment (9:45)
3.5.7 SOC 2 Assessment: Description of a System (9:03)
3.5.8 ISO/IEC 27001 Assessment: Statement of Applicability (4:28)
3.5.9 Biometric Implementation Assessment: FRR, FAR, CER (9:19)
3.5.10 Third-Party Vendor Assessment (14:31)

DOMAIN 3: Risk Identification and Analysis | 3.6 Given a scenario, assess an organization’s data loss prevention strategy and systems

Module Summary
3.6 Data Loss Prevention (DLP) Strategy (35:42)

DOMAIN 4: Risk Response and Mitigation

Module Summary
4.1-4.4 Given a scenario, develop and implement an appropriate risk response strategy including evaluation of alternatives, selection of measures and controls, and execution of the chosen course of action (10:27)
4.5 Develop an Incident Response Plan, Business Continuity Plan, or Continuity of Operations Plan to address potential incidents - ⭐ ft. Dr. Gerald Auger (10:24)
4.6 Evaluate the effectiveness of current risk mitigation measures and controls - ⭐ ft. Dr. Gerald Auger (17:10)

DOMAIN 5: Risk Monitoring and Communication | 5.1 Given a scenario, develop a risk monitoring strategy for an organization that includes the purpose, type, and frequency of monitoring activities

Module Summary
5.1.0 Introduction -⭐ ft. Dr. Gerald Auger (6:51)
5.1.1 Risk Exposure Monitoring -⭐ ft. Richard Seiersen (5:14)
5.1.2 The Three Measures: Coverage, Configuration, and Capability (4:28)
5.1.3 Beyond the Pick List: Building Cybersecurity Metrics That Matter -⭐ ft. Richard Seiersen (5:45)
5.1.4 Change Monitoring (1:20)
5.1.5 Key Performance Indicator vs Key Risk Indicator (1:07)

DOMAIN 5: Risk Monitoring and Communication | 5.2 Given a scenario, monitor organizational information systems and environments on an ongoing basis to verify compliance, determine effectiveness of risk response measures, and identify changes

Module Summary
5.2.0 Case Study: Building Security Operations for a Biotech Startup -⭐ ft. Dr. Gerald Auger (32:35)

DOMAIN 5: Risk Monitoring and Communication | 5.3 Explain how to maintain clear communication across diverse teams and stakeholders

5.3.0 Introduction -⭐ ft. Dr. Gerald Auger (8:47)
5.3.1 How to Present Cyber Risk to the Board -⭐ ft. Richard Seiersen (30:12)

DOMAIN 5: Risk Monitoring and Communication | 5.4 Given a scenario, prepare for and conduct audits within an organization

5.4.0 Introduction -⭐ ft. Dr. Gerald Auger (5:54)
5.4.1 Kicking Down Doors to Help With Audits! (34:42)
5.4.1 Enterprise Risk Assessment Security Control “Rosetta Stone” Paper v1.1

DOMAIN 5: Risk Monitoring and Communication | 5.5 Given a scenario, utilize a risk-based approach to conducting the authorization and accreditation process for information systems within an organization

5.5.0 Introduction -⭐ ft. Dr. Gerald Auger (12:22)
5.5.1 Authorizing Systems in Your Organization (6:12)

YOUR NEXT STEPS

Handy Reference Documents for Risk Management
Congrats and Your Next Steps (0:48)
💙 Let Us Know What You Think! (0:06)

PRACTICE EXAMS

Practice Exam 1
Practice Exam 2
Practice Exam 3
Practice Exam 4
Practice Exam 5
Practice Exam 6
Practice Exam 7

4.5 Develop an Incident Response Plan, Business Continuity Plan, or Continuity of Operations Plan to address potential incidents - ⭐ ft. Dr. Gerald Auger

Lesson content locked

If you're already enrolled, you'll need to login.

Enroll in Course to Unlock