Jason Dion • 1.8 Million+ Enrollments Worldwide and Dion Training Solutions • ATO for ITIL & PRINCE2

Have you ever wondered why your organization's executives or your manager made a decision to fund or not fund your project?

In this course, you will get an inside look at how cybersecurity and information technology (IT) managers determine which projects they will support with funding, and which they won't, based on a preliminary risk analysis. Over the past two decades, I have worked in the cybersecurity and information technology realm, fighting for my projects to be funded. Early in my career, I didn't understand why certain projects would be funded and executed, while others wouldn't. What I learned is that it all came down to Risk Management by our executives and managers.

You will learn the terms used by executives and managers in discussing Risk Management, and how to apply the concepts of Risk Management to your networks, systems, and projects. This course is not an operational or tactical course that focuses on how you will secure your networks, but instead focuses on the mindset of managers and teaches you how to think like they do. Once you master these concepts, it is much easier to build your business case for your projects and justify your budgetary needs.

Throughout this course, we will discuss what comprises Risk (assets, threats, and vulnerabilities), providing numerous real-world examples along the way. We will also cover Qualitative and Quantitative Risk Measurements, showing how you can calculate the risk of an uncertainty due to vulnerabilities and threats.

This course also includes two case studies of what happens when risk management fails, as demonstrated by the Amazon Web Services outage and Equifax data breach that both occurred in 2017. You will learn to better understand these scenarios, what caused the outage/breach, and why managers may have made the decisions they did that led up to them.

Upon completion of this course, you will earn 3 CEUs towards the renewal of your CompTIA A+, Network+, Security+, Linux+, Cloud+, PenTest+, CySA+, or CASP+ certifications.

What's inside

Learning objectives

  • Understand the foundations of risk management in the cybersecurity and information technology field
  • Be able to use qualitative risk measurement techniques when discussing networks and projects
  • Be able to use quantitative risk measurement techniques when discussing networks and projects
  • Discuss current events in the technology space in relation to risk management decisions

Syllabus

Introduction

This video contains a short introduction from your instructor, Jason.

This lesson includes the downloadable study guide as a resource for your offline studies and note taking.

In this lecture, we will discuss the three major components of risk: assets, vulnerabilities, and threats.

In this lecture, you will learn the different types of risk that exist in the business world and in our IT networks.

In this lesson, we will discuss the different types of threats that our networks and businesses face.

In this lecture, we will break down what happens when Risk Management fails by examining the Amazon Web Services outage from 2017 that took down nearly the entire East Coast region!

In this video, we will introduce the concepts of mitigating, transferring, avoiding, and accepting risk.

In this video, we will dive deeper into the concept of Risk Mitigation.

In this video, we will dive deeper into the concept of Risk Transference.

In this video, we will dive deeper into the concept of Risk Avoidance.

In this video, we will dive deeper into the concept of Risk Acceptance.

In this video, we will discuss how risk controls are selected.

In this lesson, we will take a small detour into the world of project management (PMP and PRINCE2) to discuss additional risk responses that are available beyond the four basics we discussed above.

In this lesson, you will learn the different types of ways to calculate risk.

In this video, we will discuss the qualitative risk measurement methods.

In this video, we will discuss the quantitative risk measurement methods.

In this video, we will discuss the Equifax data breach of July 2017, what led up to it, and the management decisions that could have prevented it.

In this short video, students will receive an introduction to this section of interviews with industry professionals in the Government, Defense, Commercial, and Health Care sectors and how they implement Risk Management in the Real World. 

In this video, Jason interviews Mr. Randy Fuller who worked in the Government sector. Mr. Fuller's organization spans across 6 continents and hundreds of thousands of users.

In this video, Jason interviews Mr. Corey Charles who works as an IT Manager in the Vulnerability Management space in the Government sector. Mr. Charles' organization spans across 6 states and thousands of users.

In this video, Jason interviews Mr. David Anderson, the Director of Information Security Operations for a major health care provider in the United States. His organization spans 46 hospitals across numerous states, and gives us a unique inside look at how decisions made decades ago can still affect the risk posture of our networks today. (The audio quality is not the greatest, unfortunately, as we had to record it over a phone line connection, but it is well worth listening to because the discussion he provides us is outstanding!)

In this interview, we talk with Tu Laniyonu who works in the Government Sector as a digital forensic examiner working on cases of suspected insider threats.

In this video, we will provide a short conclusion and summary of the course.

Traffic lights

Read about what's good, what should give you pause, and possible dealbreakers:
Covers qualitative and quantitative risk measurement techniques, as well as case studies and industry examples
Course length is not provided
Taught by Jason Dion, an experienced IT and cybersecurity instructor
Objectives may be too general for some learners
Provides a comprehensive overview of risk management in IT and cybersecurity
Examines risk management failures through case studies, such as the Amazon Web Services outage and Equifax data breach

Reviews summary

Strategic risk for IT management

According to students, this course provides a strong foundation in understanding risk management from a manager's perspective within cybersecurity and IT. Learners praise its ability to bridge the gap between technical operations and executive decision-making, offering insights into why projects get funded. The course's real-world examples and case studies, alongside interviews with industry professionals, are highlighted as particularly valuable for contextualizing concepts. While the course is highly practical for those in or aspiring to leadership roles, a minority of reviewers found it to be too high-level, desiring deeper dives into implementation, reflecting its stated focus on strategic rather than operational aspects. The inclusion of CEUs for CompTIA certifications is a notable professional benefit.
Offers valuable CEUs for various CompTIA certifications.
"Plus, the CEUs are a great benefit for my certifications."
"The inclusion of CEUs is a thoughtful touch for professionals."
"The course delivered on its promise... Plus, the CEUs are a great benefit for my certifications."
Features practical examples and insightful industry interviews.
"The instructor's real-world examples, especially the AWS and Equifax case studies, were incredibly insightful."
"The interviews with industry professionals were a huge bonus, offering diverse perspectives."
"The case studies were particularly strong, providing concrete examples of risk failure."
Cultivates a manager's approach to cybersecurity and IT risk.
"This course was exactly what I needed to understand risk management from a strategic perspective."
"It really helped me understand why some projects get funded and others don't."
"This course demystifies the funding process and gives you the tools to speak the language of management."
Some interviews experienced noticeable audio quality issues.
"The interview with David Anderson had some audio issues, but his insights were valuable nonetheless."
"The audio quality in some interviews was distracting."
"Audio issues in one interview were noticeable."
Offers foundational strategic insights, less on tactical implementation.
"The course provides a good overview of risk management, but I felt some parts could go into more depth."
"I was hoping for more actionable strategies or deeper dives into specific risk frameworks."
"For beginners, it's probably fine, but for seasoned professionals, it might just be a refresher."

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Risk Management for Cybersecurity and IT Managers with these activities:
Review Course Objectives
Help familiarize yourself with concepts and identify areas of focus.
  • Read the course syllabus.
  • Review the course description.
Join a Cybersecurity Risk Management Study Group
Collaborate with peers to discuss concepts, share insights, and answer questions.
  • Find a study group or create your own.
  • Set regular meeting times and discuss course materials.
Complete the SANS Risk Management for IT Professionals Tutorial
Gain structured guidance and deeper understanding of risk management principles.
  • Enroll in the SANS Risk Management for IT Professionals Tutorial.
  • Complete the interactive modules and exercises.
Attend a Risk Management Workshop
Engage with experts and practitioners to clarify concepts and learn best practices.
  • Search for relevant risk management workshops.
  • Register and attend the workshop.
Solve Risk Management Case Studies
Apply concepts to real-world scenarios to test understanding and decision-making skills.
  • Find risk management case studies online or in textbooks.
  • Analyze the case and identify risks.
  • Develop and evaluate mitigation strategies.
Create a Cybersecurity Risk Assessment Report
Reinforce understanding of risk analysis methods and documentation.
  • Identify assets, threats, and vulnerabilities.
  • Assess likelihood and impact of risks.
  • Write an executive summary and recommendations.
Contribute to Risk Management Open Source Projects
Gain practical experience and contribute to the community while solidifying understanding.
  • Identify open source risk management projects.
  • Review the code and documentation.
  • Suggest improvements or contribute code.
Develop a Risk Management Plan for a Small Business
Integrate knowledge into a comprehensive plan that demonstrates practical application.
  • Identify business goals and objectives.
  • Conduct a risk assessment.
  • Develop risk mitigation strategies.
  • Create a risk management plan document.

Career center

Learners who complete Risk Management for Cybersecurity and IT Managers will develop knowledge and skills that may be useful to these careers:
Risk Manager
Risk Managers are responsible for identifying and mitigating risks to an organization. This course can help you develop the skills you need to succeed in this role. You will learn how to assess risks, develop risk management plans, and implement risk controls. You will also learn about the latest risk management trends and best practices.
Chief Risk Officer (CRO)
CROs are responsible for overseeing an organization's risk management program. This course can help you develop the skills you need to succeed in this role. You will learn how to assess risks, develop risk management plans, and implement risk controls. You will also learn about the latest risk management trends and best practices.
Chief Information Security Officer (CISO)
CISOs are responsible for overseeing an organization's information security program. This course can help you develop the skills you need to succeed in this role. You will learn how to assess risks, develop security plans, and implement security controls. You will also learn about the latest security trends and best practices.
Security Architect
Security Architects design and implement security solutions for organizations. This course can help you build a foundation in risk management, which is essential for designing secure systems. You will learn how to assess risks, develop security plans, and implement security controls. This knowledge will be invaluable in your career as a Security Architect.
Cybersecurity Analyst
Cybersecurity Analysts are responsible for protecting computer networks and systems from cyberattacks. This course can help you develop the skills you need to succeed in this role. You will learn how to identify and mitigate security risks, develop security plans, and implement security controls. You will also learn about the latest cybersecurity threats and trends.
Security Consultant
Security Consultants help organizations identify and mitigate security risks. This course can help you develop the skills you need to succeed in this role. You will learn how to assess risks, develop security plans, and implement security controls. You will also learn about the latest security trends and best practices.
Risk Consultant
Risk Consultants help organizations identify and mitigate risks. This course can help you develop the skills you need to succeed in this role. You will learn how to assess risks, develop risk management plans, and implement risk controls. You will also learn about the latest risk management trends and best practices.
IT Manager
IT Managers are responsible for planning, implementing, and managing an organization's IT systems. This course can help you develop the skills you need to succeed in this role. You will learn how to assess risks, develop IT plans, and implement IT controls. You will also learn about the latest IT trends and best practices.
Project Manager
Project Managers are responsible for planning, executing, and closing projects. This course can help you develop the skills you need to succeed in this role. You will learn how to assess risks, develop project plans, and implement project controls. You will also learn about the latest project management trends and best practices.
Information Security Analyst
An Information Security Analyst plays a vital role in protecting an organization's computer networks and systems. This course can help you build a foundation in risk management, which is essential for identifying and mitigating security risks. You will learn how to assess risks, develop security plans, and implement security controls. This knowledge will be invaluable in your career as an Information Security Analyst.
Compliance Consultant
Compliance Consultants help organizations comply with all applicable laws and regulations. This course can help you develop the skills you need to succeed in this role. You will learn how to assess risks, develop compliance plans, and implement compliance controls. You will also learn about the latest compliance trends and best practices.
IT Auditor
IT Auditors are responsible for reviewing and evaluating an organization's IT systems and controls. This course can help you develop the skills you need to succeed in this role. You will learn how to assess risks, develop audit plans, and perform IT audits. You will also learn about the latest IT audit trends and best practices.
Business Analyst
Business Analysts are responsible for understanding and analyzing business needs. This course can help you develop the skills you need to succeed in this role. You will learn how to assess risks, develop business plans, and implement business controls. You will also learn about the latest business analysis trends and best practices.
Compliance Manager
Compliance Managers are responsible for ensuring that an organization complies with all applicable laws and regulations. This course can help you develop the skills you need to succeed in this role. You will learn how to assess risks, develop compliance plans, and implement compliance controls. You will also learn about the latest compliance trends and best practices.
Privacy Officer
Privacy Officers are responsible for protecting an organization's privacy data. This course can help you develop the skills you need to succeed in this role. You will learn how to assess risks, develop privacy plans, and implement privacy controls. You will also learn about the latest privacy trends and best practices.

Reading list

We've selected ten books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Risk Management for Cybersecurity and IT Managers.
Provides a comprehensive overview of the risk management process, which can be helpful for learners who want to understand how to manage risks in a variety of contexts.
This document is a good resource for learning about the NIST Cybersecurity Framework, which can be helpful for learners who want to understand how to manage cybersecurity risks.
Provides a comprehensive overview of quantitative risk analysis, which can be helpful for learners who want to understand how to measure and evaluate risks in a variety of contexts.
Provides practical guidance for CISOs on how to manage information security risk. It covers a wide range of topics, including risk assessment, risk mitigation, and risk reporting.
Provides a comprehensive overview of risk analysis for IT professionals. It covers a wide range of topics, including risk assessment, risk mitigation, and risk management.
Provides guidance on how to conduct risk assessments. It is a valuable resource for anyone involved in the risk management process.
Provides a practical guide to computer and network security. It covers a wide range of topics, including risk assessment, risk mitigation, and risk management.
Provides a look at the human element of security. It covers a wide range of topics, including risk assessment, risk mitigation, and risk management.
Provides a look at the psychology of security. It covers a wide range of topics, including risk assessment, risk mitigation, and risk management.

© 2016 - 2025 OpenCourser