CISSP: Risk Management

Individuals interested in information systems security concepts, methodologies and best practices; candidates for the Certified Information Systems Security Professional (CISSP) exam
Expected Duration
101 minutes

Risk management is an integral part of overall information systems security. In this course, you’ll learn about personnel security best practices, risk management concepts, and risk analysis techniques. You’ll also be introduced to threat modeling best practices, countermeasure selection, and implementing risk controls. Finally, this course covers risk monitoring and reporting best practices. This course is one of a series in the Skillsoft learning path that covers the objectives for the Certified Information Systems Security Professional (CISSP) exam.
Personnel Security Policies

  • identify best security practices for screening employee candidates
  • identify best security practices for employment agreements and policies
  • identify best security practices for employment termination processes
  • identify best security control practices when partnering with vendors, consultants and contractors
  • identify best practices for establishing personnel security compliance policies
  • identify best practices for implementing personnel security policies

Applying Risk Management Concepts

  • identify security threats and vulnerabilities
  • distinguish between qualitative, quantitative, and hybrid risk assessment strategies
  • identify options for assigning and accepting risk
  • select risk countermeasures
  • implement risk countermeasures and controls
  • distinguish between preventive, detective, and corrective risk control types
  • identify best practices for assessing risk controls
  • identify best practices for measuring and monitoring risk
  • specify the purpose of valuing assets
  • identify best practices for reporting risk management activities and findings
  • specify the purpose and best practices of continuous improvement as a result of risk management activities
  • identify appropriate risk frameworks

Applying Threat Modeling

  • identify threats using threat modeling techniques
  • use threat trees to diagram potential attacks
  • identify best practices when performing a reduction analysis
  • distinguish between different technologies and processes that can be used to remediate threats

Integrating Risk Considerations into Acquisitions

  • identify best practices for ensuring risk considerations are applied when outsourcing hardware, software and services
  • recognize third-party assessment and monitoring techniques for risk mitigation
  • identify best practices when establishing minimum security requirements for acquisition activities
  • use an SLA to define appropriate service-level requirements

Establishing IS Education, Training, and Awareness

  • specify appropriate information system training, education and awareness levels for an organization
  • identify best practices for conducting periodic reviews for content relevancy

Practice: Assessing and Managing Risk

  • select appropriate techniques for assessing risk and implementing risk remediation options