Managing Risk in Information Systems

  • Information security analysts
  • Payroll specialists
  • IT infrastructure security specialists
  • People who decide which information technology and cybersecurity products to acquire for their organization

Please contact us for information about prerequisites.

Expected Duration
5 day


This course provides a unique, in-depth look at how to manage and reduce IT-associated risks. You will learn about the Systems Security Certified Practitioner (SSCP) risk, response, and recovery domain in addition to risk management and its implications on IT infrastructures and compliance. Using examples and exercises, this course incorporates hands-on activities related to fundamentals of risk management, strategies, and approaches for mitigating risk. You will also learn how to create a plan that reduces risk. Additional course assets include case scenarios and handouts and eBook (via CourseSmart).


This course, written by Darril Gibson, author of the book CompTIA Security +: Get Certified, Get Ahead, covers content within the following industry certification exams:

  • Certified Information Systems Security Professional (CISSP) – two content domains covered
  • Security + – “Compliance and Operational Security” domain covered
  • System Security Certified Practitioner (SSCP) – “Risk, Response, and Recovery” domain covered
  • National Institute of Standards and Technology (NIST) – “Incident Response” domain covered
  • 8570.01 – “Compliance and Operational Security” domain covered


1. Risk Management Business Challenges

  • Risk Management Fundamentals
  • Managing Risk: Threats, Vulnerabilities, and Exploits
  • Maintaining Compliance
  • Developing a Risk Management Plan

2. Mitigating Risk

  • Defining Risk Assessment Approaches
  • Performing a Risk Assessment
  • Identifying Assets and Activities to Be Protected
  • Identifying and Analyzing Threats, Vulnerabilities, and Exploits
  • Identifying and Analyzing Risk Mitigation Security Controls
  • Planning Risk Mitigation Throughout the Organization
  • Turning Your Risk Assessment into a Risk Mitigation Plan

3. Risk Mitigation Plans

  • Mitigating Risk with a Business Impact Analysis
  • Mitigating Risk with a Business Continuity Plan
  • Mitigating Risk with a Disaster Recovery Plan
  • Mitigating Risk with a Computer Incident Response Team Plan



Select Course Options