4.1-4.4 Given a scenario, develop and implement an appropriate risk

AKYLADE Cyber Risk Management Foundations (A/CRMF)

INTRODUCTION

0.1 Course Trailer: The REAL Value of GRC and Why It's Never Boring (2:16)
0.2 Course Overview: Building Risk Management Skills that Open Doors (5:54)
0.3 Risk is the Heart and Center of GRC -⭐ ft. Dr. Gerald Auger (61:30)
0.4 Cover Your Asse(t)s! Due Diligence and Due Care -⭐ ft. Dr. Gerald Auger (6:17)
0.5 Your Opportunity to Network in Simply Cyber Discord (1:36)
0.6 Resume Bullets Unlocked

DOMAIN 1: Risk Management Concepts | 1.1 Risk Management Lifecycles, Frameworks and Processes

Module Summary
1.1.0 Introduction -⭐ ft. Dr. Gerald Auger (4:30)
1.1.1 Risk Management Lifecycle (7:05)
1.1.2 Who's Using What Framework? (3:38)
1.1.3 Risk Management Process (NIST SP 800-39) (5:42)
1.1.4 Risk Management Framework (NIST SP 800-37) Part 1 (9:02)
1.1.5 Risk Management Framework Part 2: Authority to Operate -⭐ ft. Dr. Gerald Auger (2:44)
1.1.6 ISO/IEC 27001 (2:57)
1.1.7 Case Study: 300 Drinking Water Systems Exposed to Attacks -⭐ ft. Dr. Gerald Auger (9:58)
1.1.8 Key Takeaways (2:02)
Quiz

DOMAIN 1: Risk Management Concepts | 1.2 Explain the types of risk and risk responses which can be utilized by an organization

Module Summary
1.2.0 Introduction -⭐ ft. Dr. Gerald Auger (2:57)
1.2.1 Risk Responses (19:12)
1.2.2 Types of Risk (6:48)
1.2.3 Unpacking Cyber Risk (7:20)
1.2.4 Risk Registers (8:43)
Quiz

DOMAIN 1: Risk Management Concepts | 1.3 Given a scenario, conduct a qualitative, quantitative, or hybrid risk analysis

Module Summary
1.3.0 Introduction -⭐ ft. Dr. Gerald Auger (6:23)
1.3.1 Hybrid Risk Analysis -⭐ ft. Richard Seiersen (5:03)
1.3.2 Qualitative Risk Analysis Concepts (5:50)
1.3.3 Qualitative Risk Analysis Techniques (16:00)
1.3.4 Cyber Risk Quantification (CRQ) Introduction: SLE, ALE, ARO -⭐ ft. Richard Seiersen (13:17)
1.3.5 Loss Distribution Approach (LDA) (7:08)
1.3.6 Executive Metrics: Value At Risk (VaR), Conditional Value at Risk (CVaR) (5:16)
1.3.7 Factor Analysis of Information Risk (FAIR) (6:29)
Quiz

DOMAIN 1: Risk Management Concepts | 1.4 Explain the importance of training and awareness programs to mitigate risk within an organization

Module Summary
1.4.0 Introduction -⭐ ft. Dr. Gerald Auger (6:43)
1.4.1 Training and Awareness Programs Part 1 w/ Example End User Training (14:53)
1.4.2 Training and Awareness Part 2 w/ Phishing Campaign Results Executive Briefing (5:08)
1.4.3 Secure Software Development Lifecycle (SDLC) Training: Underneath the Waterline (14:14)
Quiz

DOMAIN 2: Risk Strategy and Governance | 2.1 Given a scenario, explain how common threats and vulnerabilities may affect an organization’s risk posture

Module Summary
2.1.0 Introduction (1:10)
2.1.1 New Mirai botnet infect TBK DVR devices via command injection flaw -⭐ ft. Dr. Gerald Auger in DCTB (6:29)
2.1.2 StealC malware enhanced with stealth upgrades and data theft tools -⭐ ft. Dr. Gerald Auger in DCTB (6:03)
2.1.3 Alleged 'Scattered Spider' Member Extradited to U.S. -⭐ ft. Dr. Gerald Auger in DCTB (7:00)
2.1.4 Russian army targeted by new Android malware hidden in mapping app -⭐ ft. Dr. Gerald Auger in DCTB (9:16)
2.1.5 Thailand cuts power supply to Myanmar scam hubs. -⭐ ft. Dr. Gerald Auger in DCTB (6:44)
2.1.6 Despite ransom payment, PowerSchool hacker now extorting individual school districts -⭐ ft. Dr. Gerald Auger in DCTB (5:42)
Quiz

DOMAIN 2: Risk Strategy and Governance | 2.2 Given a scenario, identify assumptions that affect how risk is assessed, responded to, and monitored within the organization

Module Summary
2.2.1 Business Impact Analysis (BIA) (11:33)
2.2.2 Financial Analysis: Total Cost of Ownership (TCO) (4:18)
2.2.3 Return on Investment (ROI) (2:06)
2.2.4 Return On Assets (ROA) (3:16)
2.2.5 Net Present Value (NPV), Internal Rate of Return (IRR) (3:50)
2.2.6 Cost Benefit Analysis (CBA) and Payback Period (2:12)
Quiz

DOMAIN 2: Risk Strategy and Governance | 2.3 Summarize constraints on the conduct of risk assessment, risk response, and risk monitoring activities within the organization

Module Summary
2.3.0 Introduction -⭐ ft. Dr. Gerald Auger (7:21)
2.3.1 Constraints on the conduct of risk assessment, risk response and risk monitoring (13:20)
Quiz

DOMAIN 2: Risk Strategy and Governance | 2.4 Given a scenario, identify the level of risk tolerance for an organization

Module Summary
2.4.1 Ceilings and Floors: Understanding Risk Appetite and Tolerance (12:10)
2.4.2 Governance: Risk Profiles and Aggregation (3:45)
2.4.3 Understanding Risk Culture (9:21)
Quiz

DOMAIN 2: Risk Strategy and Governance | 2.5 Given a scenario, consider the priorities and trade-offs considered by an organization when managing risk

Module Summary
2.5 Priorities and Trade-Offs when Managing Risk (7:13)

DOMAIN 2: Risk Strategy and Governance | 2.6 Explain how a comprehensive organizational risk management strategy is developed

Module Summary
2.6 Comprehensive Risk Management Strategy -⭐ ft. Richard Seiersen (10:35)

DOMAIN 3: Risk Identification and Analysis | 3.1 Given a scenario, identify threats and vulnerabilities in organizational information systems and the environments in which they operate

Module Summary
3.1.0 Introduction -⭐ ft. Dr. Gerald Auger (9:14)
3.1.1 Threat Modeling -⭐ ft. Dr. Gerald Auger (10:55)
3.1.2 MITRE ATT&CK Framework (10:17)
3.1.3 STRIDE (4:13)
3.1.4 AI Augmented STRIDE Risk Assessment (3:02)
3.1.5 PASTA (4:14)
3.1.6 OCTAVE (5:35)
3.1.7 Attack Trees (7:23)
3.1.8 Analyzing Network Traffic (4:57)
3.1.9 Analyzing Security Log Data -⭐ ft. Dr. Gerald Auger (18:02)
3.1.10 Policy Review (6:11)
3.1.11 Identify Operational Technology (OT) and Information Technology (IT) Interconnections (7:18)
Quiz

DOMAIN 3: Risk Identification and Analysis | 3.2 Given a scenario, determine the risk to organizational operations, assets, and personnel when a threat exploits a vulnerability

Module Summary
3.2.0 What You Need to Know About CVE, CVSS, EPSS and Beyond -⭐ ft. Dr. Gerald Auger (10:49)
3.2.1 GRC Engineering: DevSecOps, CI/CD Pipelines (13:29)
Quiz

DOMAIN 3: Risk Identification and Analysis | 3.3 Summarize the use of vulnerability assessment and penetration testing to validate the potential threats against known vulnerabilities

Module Summary
3.3.0 Introduction -⭐ ft. Dr. Gerald Auger (7:28)
3.3.1 Vulnerability Scanners, Network Analyzers, and Automated Exploitation Toolsets (6:55)
3.3.2 Web Application Scanners - ZAP (7:29)
3.3.3 Configuration Management Toolsets - AWS Config (6:36)
3.3.4 Social Engineering and Phishing (10:56)
3.3.5 Manual Code Reviews (3:43)
3.3.6 Custom Exploit Development (11:07)
3.3.7 Physical Security Testing (8:59)

DOMAIN 3: Risk Identification and Analysis | 3.4 Given a scenario, analyze and prioritize security risks based on their likelihood of occurrence and impact to the organization’s operations

Module Summary
3.4.0 Introduction -⭐ ft. Dr. Gerald Auger (3:37)
3.4.1 Enterprise Networks and Defense in Depth of Controls (4:53)
3.4.2 Mobile Device Risk Management (BYOD, CYOD, COPE, COBO) (11:04)
3.4.3 IoT, OT, ICS, SCADA (12:53)
3.4.4 Remote Access Technologies (9:13)
3.4.5 Cloud Computing (8:11)
3.4.6 Single Vendor Cloud Environments -⭐ ft. Dr. Gerald Auger in DCTB (5:07)
3.4.7 Multi Cloud Environments -⭐ ft. Dr. Gerald Auger in DCTB (8:58)
3.4.8 Virtualized and Containerized Systems (4:42)

DOMAIN 3: Risk Identification and Analysis | 3.5 Given a scenario, conduct assessments for new and existing systems

Module Summary
3.5.0 Introduction -⭐ ft. Dr. Gerald Auger (3:52)
3.5.1 Asset Inventory Assessment (14:32)
3.5.2 Privacy Impact Assessment (PIA) (7:53)
3.5.3 Security Risk Assessment (16:03)
3.5.4 Physical Security Assessment (8:47)
3.5.5 OT Risk Assessment (8:01)
3.5.6 Cloud Migration Assessment (9:45)
3.5.7 SOC 2 Assessment: Description of a System (9:03)
3.5.8 ISO/IEC 27001 Assessment: Statement of Applicability (4:28)
3.5.9 Biometric Implementation Assessment: FRR, FAR, CER (9:19)
3.5.10 Third-Party Vendor Assessment (14:31)

DOMAIN 3: Risk Identification and Analysis | 3.6 Given a scenario, assess an organization’s data loss prevention strategy and systems

Module Summary
3.6 Data Loss Prevention (DLP) Strategy (35:42)

DOMAIN 4: Risk Response and Mitigation

Module Summary
4.1-4.4 Given a scenario, develop and implement an appropriate risk response strategy including evaluation of alternatives, selection of measures and controls, and execution of the chosen course of action (10:27)
4.5 Develop an Incident Response Plan, Business Continuity Plan, or Continuity of Operations Plan to address potential incidents - ⭐ ft. Dr. Gerald Auger (10:24)
4.6 Evaluate the effectiveness of current risk mitigation measures and controls - ⭐ ft. Dr. Gerald Auger (17:10)

DOMAIN 5: Risk Monitoring and Communication | 5.1 Given a scenario, develop a risk monitoring strategy for an organization that includes the purpose, type, and frequency of monitoring activities

Module Summary
5.1.0 Introduction -⭐ ft. Dr. Gerald Auger (6:51)
5.1.1 Risk Exposure Monitoring -⭐ ft. Richard Seiersen (5:14)
5.1.2 The Three Measures: Coverage, Configuration, and Capability (4:28)
5.1.3 Beyond the Pick List: Building Cybersecurity Metrics That Matter -⭐ ft. Richard Seiersen (5:45)
5.1.4 Change Monitoring (1:20)
5.1.5 Key Performance Indicator vs Key Risk Indicator (1:07)

DOMAIN 5: Risk Monitoring and Communication | 5.2 Given a scenario, monitor organizational information systems and environments on an ongoing basis to verify compliance, determine effectiveness of risk response measures, and identify changes

Module Summary
5.2.0 Case Study: Building Security Operations for a Biotech Startup -⭐ ft. Dr. Gerald Auger (32:35)

DOMAIN 5: Risk Monitoring and Communication | 5.3 Explain how to maintain clear communication across diverse teams and stakeholders

5.3.0 Introduction -⭐ ft. Dr. Gerald Auger (8:47)
5.3.1 How to Present Cyber Risk to the Board -⭐ ft. Richard Seiersen (30:12)

DOMAIN 5: Risk Monitoring and Communication | 5.4 Given a scenario, prepare for and conduct audits within an organization

5.4.0 Introduction -⭐ ft. Dr. Gerald Auger (5:54)
5.4.1 Kicking Down Doors to Help With Audits! (34:42)
5.4.1 Enterprise Risk Assessment Security Control “Rosetta Stone” Paper v1.1

DOMAIN 5: Risk Monitoring and Communication | 5.5 Given a scenario, utilize a risk-based approach to conducting the authorization and accreditation process for information systems within an organization

5.5.0 Introduction -⭐ ft. Dr. Gerald Auger (12:22)
5.5.1 Authorizing Systems in Your Organization (6:12)

YOUR NEXT STEPS

Handy Reference Documents for Risk Management
Congrats and Your Next Steps (0:48)
💙 Let Us Know What You Think! (0:06)

PRACTICE EXAMS

Practice Exam 1
Practice Exam 2
Practice Exam 3
Practice Exam 4
Practice Exam 5
Practice Exam 6
Practice Exam 7

4.1-4.4 Given a scenario, develop and implement an appropriate risk response strategy including evaluation of alternatives, selection of measures and controls, and execution of the chosen course of action

Lesson content locked

If you're already enrolled, you'll need to login.

Enroll in Course to Unlock