Risk Management for Cybersecurity and IT Managers from Udemy

Have you ever wondered why your organization's executives or your manager made a decision to fund or not fund your project?

In this course, you will get an inside look at how cybersecurity and information technology (IT) managers determine which projects they will support with funding, and which they won't, based on a preliminary risk analysis. Over the past two decades, I have worked in the cybersecurity and information technology realm, fighting for my projects to be funded. Early in my career, I didn't understand why certain projects would be funded and executed, while others wouldn't. What I learned, is that it all came down to Risk Management by our executives and managers.

You will learn the terms used by executives and managers in discussing Risk Management, and how to apply the concepts of Risk Management to your networks, systems, and projects. This course is not an operational or tactical course that focuses on how you will secure your networks, but instead focuses on the mindset of managers and teaches you how to think like they do. Once you master these concepts, it is much easier to build your business case for your projects and justify your budgetary needs.

Throughout this course, we will discuss what comprises Risk (assets, threats, and vulnerabilities), providing numerous real-world examples along the way. We will also cover Qualitative and Quantitative Risk Measurements, showing how you can calculate the risk of an uncertainty due to vulnerabilities and threats.

This course also includes two case studies of what happens when risk management fails, as demonstrated by the Amazon Web Services outage and Equifax data breach that both occurred in 2017. You will learn to better understand these scenarios, what caused the outage/breach, and why managers may have made the decisions they did that led up to them.

Upon completion of this course, you will earn 3 CEUs towards the renewal of your CompTIA A+, Network+, Security+, Linux+, Cloud+, PenTest+, CySA+, or CASP+ certifications.

What's inside

Learning objectives

Understand the foundations of risk management in the cybersecurity and information technology field
Be able to use qualitative risk measurement techniques when discussing networks and projects

Be able to use quantitative risk measurement techniques when discussing networks and projects
Discuss current events in the technology space in relation to risk management decisions

Understand the foundations of risk management in the cybersecurity and information technology field
Be able to use qualitative risk measurement techniques when discussing networks and projects
Be able to use quantitative risk measurement techniques when discussing networks and projects
Discuss current events in the technology space in relation to risk management decisions

Syllabus

Introduction

This video contains a short introduction from your instructor, Jason.

This lesson includes the downloadable study guide as a resource for your offline studies and note taking.

What is Risk?

In this lecture, we will discuss the three major components of risk: assets, vulnerabilities, and threats.

In this lecture, you will learn the different types of risk that exist in the business world and in our IT networks.

In this lesson, we will discuss the different types of threats that our networks and businesses face.

In this lecture, we will breakdown what happens when Risk Management fails by examining the Amazon Web Services outage from 2017 that took down nearly the entire East Coast region!

What Can You Do With Risk?

In this video, we will introduce the concepts of mitigating, transferring, avoiding, and accepting risk.

In this video, we will dive deeper into the concept of Risk Mitigation.

In this video, we will dive deeper into the concept of Risk Transference.

In this video, we will dive deeper into the concept of Risk Avoidance.

In this video, we will dive deeper into the concept of Risk Acceptance.

In this video, we will discuss how risk controls are selected.

In this lesson, we will take a small detour into the world of project management (PMP and PRINCE2) to discuss additional risk responses that are available beyond the four basics we discussed above.

Calculating Risk

In this lesson, you will learn the different types of ways to calculate risk.

In this video, we will discuss the qualitative risk measurement methods.

In this video, we will discuss the quantitative risk measurement methods.

In this video, we will discuss the Equifax data breach of July 2017, what led up to it, and the management decisions that could have prevented it.

Student will get a real world perspective into the world of risk management through interviews with professionals in the field.

In this short video, students will receive an introduction to this section of interviews with industry professionals in the Government, Defense, Commercial, and Health Care sectors and how they implement Risk Management in the Real World.

In this video, Jason interviews Mr. Randy Fuller who worked in the Government sector. Mr. Fuller's organization spans across 6 continents and hundreds of thousands of users.

In this video, Jason interviews Mr. Corey Charles who works as an IT Manager in the Vulnerability Management space in the Government sector. Mr. Charles' organization spans across 6 states and thousands of users.

In this video, Jason interviews Mr. David Anderson, the Director of Information Security Operations for a major health care provider in the United States. His organization spans 46 hospitals across numerous states, and gives us a unique inside look at how decisions made decades ago can still affect the risk posture of our networks today. (The audio quality is not the greatest, unfortunately, as we had to record it over a phone line connection, but it is well worth listening to because the discussion he provides us is outstanding!)

In this interview, we talk with Tu Laniyonu who works in the Government Sector as a digital forensic examiner working on cases of suspected insider threats.

Conclusion

In this video, we will provide a short conclusion and summary of the course.

BONUS: Where to go from here?

Good to know

Know what's good

, what to watch for

, and possible dealbreakers

Covers qualitative and quantitative risk measurement techniques, as well as case studies and industry examples

Course length is not provided

Taught by Jason Dion, an experienced IT and cybersecurity instructor

Objectives may be too general for some learners

Provides a comprehensive overview of risk management in IT and cybersecurity

Examines risk management failures through case studies, such as the Amazon Web Services outage and Equifax data breach

Reviews summary

Cyber risk fundamentals

Learners say this course provides a largely positive overview of risk management for cybersecurity and IT managers, with engaging assignments that help them understand key concepts. The course begins with a breakdown of the basic principles of vulnerability, threat, risk, and methodologies for dealing with them. Students highly value the interviews with industry experts offering insights on how they factor risk assessment into their organizations. Case studies are also called out as particularly effective in providing a practical lens to look at cybersecurity. Overall, students say this course is well organized and easy to understand, with a charismatic instructor, and they largely recommend it for anyone new to risk management or those looking for a refresher.

The course provides clear and concise explanations of risk concepts, making them easy to understand.

"I enjoyed the content and the method in which it was presented."

"The concepts are told with very good examples, making it easier for me to understand it well."

"Thank you for making the learning session fun!"

The course material is well-organized and easy to follow, with a logical progression of topics.

"This course is well structured."

"Its really a great course organized to understand practical way of risk management process and getting insights from experts of different industries really helping us to understands some real world examples and risk mitigation approaches and techniques to consider."

"Its very gd , to improve you."

The instructor, Jason Dion, is knowledgeable, engaging, and makes the material interesting.

"Jason has some of the best courses I've ever taken."

"I have taken other courses at Udemy but Jason is the only one who I prefer to enroll courses with."

"Jason is a very clear and effective teacher."

The course uses real-world examples and case studies to illustrate risk management concepts, making them more relatable and applicable.

"I learned a lot from you and I like the interview videos."

"I learnt quite a bit from the Risk Management for Cybersecurity and IT Managers course."

"This learning had covered wide array in terms of cybersecurity and the various cyber threats."

The course includes interviews with industry experts who provide valuable insights and perspectives on risk management.

"I appreciate that you conducted interviews with Corey Charles, David Anderson and Tu Laniyonu."

"Outstanding course."

"I would like to say, the topics are well consolidated with comprehensive content and the best part is the course include the industries use cases."

The course may lack depth for experienced risk management professionals.

"This course would be beneficial for any IT Managers worried about Security, which should be every manager."

"I am pretty well steeped in Risk Management from years in a project manager role and teaching PMBoK reviews for aspiring PMPs."

"Very, very basic content presented in a concise manner."

The course covers basic risk management concepts and may not be suitable for those with prior knowledge in the field.

"It has been a good course considering the contents, but the teacher speaking is too fast to be understood by who do not know english very well."

"This content was similar to other content that I received in other courses from the same instructor."

"I missed an element of interactivity during this course."

Some of the interviews have audio issues that can make it difficult to understand the speakers.

"The audio quality of the Risk Management in the Real World section could have been better though."

"The sound quality was horrendous on his end."

"David Anderson's part of the interview, it is strange that, as IT professionals, such part wasn't addressed before the recording."

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Risk Management for Cybersecurity and IT Managers with these activities:

Review Course Objectives

Show steps

Help familiarize yourself with concepts and identify areas of focus.

Browse courses on Risk Management

Show steps

Read the course syllabus.
Review the course description.

Join a Cybersecurity Risk Management Study Group

Show steps

Collaborate with peers to discuss concepts, share insights, and answer questions.

Browse courses on Risk Management

Show steps

Find a study group or create your own.
Set regular meeting times and discuss course materials.

Complete the SANS Risk Management for IT Professionals Tutorial

Show steps

Gain structured guidance and deeper understanding of risk management principles.

Browse courses on Risk Management

Show steps

Enroll in the SANS Risk Management for IT Professionals Tutorial.
Complete the interactive modules and exercises.

Five other activities

Expand to see all activities and additional details

Show all eight activities

Attend a Risk Management Workshop

Show steps

Engage with experts and practitioners to clarify concepts and learn best practices.

Browse courses on Risk Management

Show steps

Search for relevant risk management workshops.
Register and attend the workshop.

Solve Risk Management Case Studies

Show steps

Apply concepts to real-world scenarios to test understanding and decision-making skills.

Browse courses on Case Studies

Show steps

Find risk management case studies online or in textbooks.
Analyze the case and identify risks.
Develop and evaluate mitigation strategies.

Create a Cybersecurity Risk Assessment Report

Show steps

Reinforce understanding of risk analysis methods and documentation.

Browse courses on Risk Management

Show steps

Identify assets, threats, and vulnerabilities.
Assess likelihood and impact of risks.
Write an executive summary and recommendations.

Contribute to Risk Management Open Source Projects

Show steps

Gain practical experience and contribute to the community while solidifying understanding.

Browse courses on Open Source

Show steps

Identify open source risk management projects.
Review the code and documentation.
Suggest improvements or contribute code.

Develop a Risk Management Plan for a Small Business

Show steps

Integrate knowledge into a comprehensive plan that demonstrates practical application.

Browse courses on Risk Management Plan

Show steps

Identify business goals and objectives.
Conduct a risk assessment.
Develop risk mitigation strategies.
Create a risk management plan document.

Career center

Learners who complete Risk Management for Cybersecurity and IT Managers will develop knowledge and skills that may be useful to these careers:

Risk Manager

Risk Managers are responsible for identifying and mitigating risks to an organization. This course can help you develop the skills you need to succeed in this role. You will learn how to assess risks, develop risk management plans, and implement risk controls. You will also learn about the latest risk management trends and best practices.

See salaries and explore the career path for Risk Manager

Chief Risk Officer (CRO)

CROs are responsible for overseeing an organization's risk management program. This course can help you develop the skills you need to succeed in this role. You will learn how to assess risks, develop risk management plans, and implement risk controls. You will also learn about the latest risk management trends and best practices.

See salaries and explore the career path for Chief Risk Officer (CRO)

Chief Information Security Officer (CISO)

CISOs are responsible for overseeing an organization's information security program. This course can help you develop the skills you need to succeed in this role. You will learn how to assess risks, develop security plans, and implement security controls. You will also learn about the latest security trends and best practices.

See salaries and explore the career path for Chief Information Security Officer (CISO)

Security Architect

Security Architects design and implement security solutions for organizations. This course can help you build a foundation in risk management, which is essential for designing secure systems. You will learn how to assess risks, develop security plans, and implement security controls. This knowledge will be invaluable in your career as a Security Architect.

See salaries and explore the career path for Security Architect

Cybersecurity Analyst

Cybersecurity Analysts are responsible for protecting computer networks and systems from cyberattacks. This course can help you develop the skills you need to succeed in this role. You will learn how to identify and mitigate security risks, develop security plans, and implement security controls. You will also learn about the latest cybersecurity threats and trends.

See salaries and explore the career path for Cybersecurity Analyst

Security Consultant

Security Consultants help organizations identify and mitigate security risks. This course can help you develop the skills you need to succeed in this role. You will learn how to assess risks, develop security plans, and implement security controls. You will also learn about the latest security trends and best practices.

See salaries and explore the career path for Security Consultant

Risk Consultant

Risk Consultants help organizations identify and mitigate risks. This course can help you develop the skills you need to succeed in this role. You will learn how to assess risks, develop risk management plans, and implement risk controls. You will also learn about the latest risk management trends and best practices.

See salaries and explore the career path for Risk Consultant

IT Manager

IT Managers are responsible for planning, implementing, and managing an organization's IT systems. This course can help you develop the skills you need to succeed in this role. You will learn how to assess risks, develop IT plans, and implement IT controls. You will also learn about the latest IT trends and best practices.

See salaries and explore the career path for IT Manager

Project Manager

Project Managers are responsible for planning, executing, and closing projects. This course can help you develop the skills you need to succeed in this role. You will learn how to assess risks, develop project plans, and implement project controls. You will also learn about the latest project management trends and best practices.

See salaries and explore the career path for Project Manager

Information Security Analyst

An Information Security Analyst plays a vital role in protecting an organization's computer networks and systems. This course can help you build a foundation in risk management, which is essential for identifying and mitigating security risks. You will learn how to assess risks, develop security plans, and implement security controls. This knowledge will be invaluable in your career as an Information Security Analyst.

See salaries and explore the career path for Information Security Analyst

Compliance Consultant

Compliance Consultants help organizations comply with all applicable laws and regulations. This course can help you develop the skills you need to succeed in this role. You will learn how to assess risks, develop compliance plans, and implement compliance controls. You will also learn about the latest compliance trends and best practices.

See salaries and explore the career path for Compliance Consultant

IT Auditor

IT Auditors are responsible for reviewing and evaluating an organization's IT systems and controls. This course can help you develop the skills you need to succeed in this role. You will learn how to assess risks, develop audit plans, and perform IT audits. You will also learn about the latest IT audit trends and best practices.

See salaries and explore the career path for IT Auditor

Business Analyst

Business Analysts are responsible for understanding and analyzing business needs. This course can help you develop the skills you need to succeed in this role. You will learn how to assess risks, develop business plans, and implement business controls. You will also learn about the latest business analysis trends and best practices.

See salaries and explore the career path for Business Analyst

Compliance Manager

Compliance Managers are responsible for ensuring that an organization complies with all applicable laws and regulations. This course can help you develop the skills you need to succeed in this role. You will learn how to assess risks, develop compliance plans, and implement compliance controls. You will also learn about the latest compliance trends and best practices.

See salaries and explore the career path for Compliance Manager

Privacy Officer

Privacy Officers are responsible for protecting an organization's privacy data. This course can help you develop the skills you need to succeed in this role. You will learn how to assess risks, develop privacy plans, and implement privacy controls. You will also learn about the latest privacy trends and best practices.

See salaries and explore the career path for Privacy Officer