Michael Whitman, Ph.D., CISM, CISSP and Herbert J. Mattord, Ph.D., CISM, CISSP, CDP

Every organization uses its information to support its business operations. When there are threats in the internal and external environments, they create the risk of information loss or damage. This course examines the design and construction of a risk management program, including policies and plans, to support the identification and treatment of risk to the organization’s information assets.


What's inside

Syllabus

Welcome to A General Approach to Risk Management (Course 2)
This is an overview of the learning objectives for the course.
Building the Risk Management Effort (Module 2.1)
Planning for Risk Management (Module 2.2)
Conducting the RM Process (Module 2.3)
Conducting the RM Process: Risk Treatment (Module 2.4)
Course wrap-up for A General Approach to Risk Management
This is the final module where you will take the Course Assessment.

Good to know

Know what's good, what to watch for, and possible dealbreakers
Provides a theoretical foundation in risk management principles, which can be applied to a variety of fields
Taught by instructors with decades of real-world industry experience in information security risk management
Examines the design and construction of a risk management program, which is relevant to organizations of all sizes


Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in A General Approach to Risk Management with these activities:
Mentor new students in understanding risk management principles
Reinforce your understanding of risk management principles by helping others.
  • Volunteer to mentor new students
  • Meet with mentees regularly to discuss course materials and provide guidance
  • Share your knowledge and experience to help mentees succeed
Review statistics and probability concepts
Provides a stronger foundation for comprehending risk assessment techniques and making informed decisions based on data analysis.
  • Review fundamental concepts of probability, such as conditional probability and Bayes' theorem.
  • Practice solving problems involving statistical analysis, such as calculating mean, standard deviation, and hypothesis testing.
Review data security concepts
Refresh your foundational knowledge of data security concepts to better understand the course materials.
  • Review notes, assignments, and practice questions from previous coursework
  • Take practice quizzes on data security concepts
  • Read articles and white papers on current trends in data security
Review Risk Management Fundamentals
Solidify your understanding of the fundamental concepts and principles of risk management.
  • Review lecture notes and textbooks on risk management.
  • Take practice quizzes or tests to assess your comprehension.
Organize and review course notes, readings, and assignments
Improves retention and understanding by reinforcing key concepts, organizing materials for easy access, and identifying areas for further review.
  • Create a dedicated folder or notebook for course materials.
  • Review notes after each lecture or module.
  • Summarize key points from readings and assignments.
  • Identify areas where further clarification or review is needed.
Explore Risk Management Frameworks
Gain insights into best practices and methodologies for implementing risk management programs.
  • Research and read about various risk management frameworks.
  • Follow online tutorials or webinars on implementing these frameworks.
Engage in peer-to-peer discussions on risk management case studies
Fosters a collaborative learning environment that allows you to exchange insights, learn from diverse perspectives, and reinforce your understanding through peer feedback.
  • Join online discussion forums or study groups.
  • Select case studies aligned with course topics.
  • Prepare your analysis and perspectives on the case study.
  • Engage in discussions, sharing your insights and listening to others' perspectives.
  • Summarize key takeaways and reflect on how they enhance your understanding of risk management.
Solve risk identification and analysis problems
Practice applying risk identification and analysis techniques to strengthen your problem-solving skills.
  • Review lecture materials and notes on risk identification and analysis
  • Practice identifying and analyzing risks in case studies
  • Complete online exercises and quizzes on risk identification and analysis
Conduct Risk Assessments
Develop your skills in identifying and analyzing risks to an organization's information assets.
  • Identify potential threats and vulnerabilities to an organization's information systems.
  • Assess the likelihood and impact of identified risks.
  • Develop and implement risk mitigation strategies.
Participate in online risk assessment simulations
Provides hands-on experience in assessing and addressing vulnerabilities, enhancing your ability to apply risk management principles effectively.
  • Identify reputable online platforms offering risk assessment simulations.
  • Choose simulations relevant to the topics covered in the course.
  • Follow the simulation instructions carefully and document your observations.
  • Analyze the results and identify areas for improvement in your risk management approach.
Follow online tutorials on risk assessment tools and techniques
Expands your knowledge and skills by introducing you to practical tools and techniques for risk assessment, enhancing your ability to implement effective risk management strategies.
  • Identify reputable online platforms offering tutorials on risk assessment tools.
  • Choose tutorials relevant to the topics covered in the course.
  • Follow the tutorial instructions carefully and implement the tools or techniques in a practice setting.
Develop a risk management plan for a hypothetical organization
Provides an opportunity to apply your knowledge in a practical setting, developing a comprehensive plan that integrates risk assessment, risk treatment, and risk monitoring.
  • Define the scope and objectives of the risk management plan.
  • Identify and assess potential risks to the organization.
  • Develop and implement risk mitigation strategies.
  • Monitor and evaluate the effectiveness of the risk management plan.
  • Document the risk management plan clearly and concisely.
Write a summary of key concepts
Synthesize your understanding of key risk management concepts by writing a summary.
  • Identify the main concepts covered in each module
  • Write a concise summary that captures the essence of each concept
  • Review and revise your summary to ensure clarity and accuracy
Design a Risk Management Plan
Apply your knowledge and skills to create a comprehensive risk management plan for an organization.
  • Gather information about the organization's information assets, threats, and vulnerabilities.
  • Conduct a risk assessment and identify potential risks.
  • Develop and document risk mitigation strategies.
  • Implement and monitor the risk management plan.
Develop a risk management plan for a fictitious organization
Apply your knowledge of risk management principles to develop a comprehensive plan.
  • Identify the organization's assets and threats
  • Conduct a risk assessment to identify and analyze potential risks
  • Develop mitigation strategies to address identified risks
  • Create a comprehensive risk management plan that outlines the organization's risk management policies and procedures

Career center

Learners who complete A General Approach to Risk Management will develop knowledge and skills that may be useful to these careers:
Information Security Analyst
Information Security Analysts are responsible for protecting an organization's computer networks and systems from cyberattacks. They develop and implement security measures, such as firewalls and intrusion detection systems, and monitor networks for suspicious activity. They also investigate and respond to security breaches and develop and implement security policies and procedures. This course may be useful for Information Security Analysts because it provides an overview of the risk management process and how to identify and treat risks to an organization's information assets.
IT Auditor
IT Auditors are responsible for evaluating the effectiveness of an organization's IT controls and making recommendations for improvements. They review and test IT systems and processes, and assess the risks associated with the use of IT. They also provide guidance to management on how to improve IT security and compliance. This course may be useful for IT Auditors because it provides an overview of the risk management process and how to identify and treat risks to an organization's information assets.
Compliance Manager
Compliance Managers are responsible for ensuring that an organization complies with all applicable laws and regulations. They develop and implement compliance programs, and monitor and audit compliance activities. They also train employees on compliance requirements and investigate and respond to compliance violations. This course may be useful for Compliance Managers because it provides an overview of the risk management process and how to identify and treat risks to an organization's information assets.
Risk Manager
Risk Managers are responsible for identifying and managing risks to an organization's operations. They develop and implement risk management strategies, and monitor and assess risks. They also advise management on how to mitigate risks and improve risk management practices. This course may be useful for Risk Managers because it provides an overview of the risk management process and how to identify and treat risks to an organization's information assets.
Security Manager
Security Managers are responsible for developing and implementing security measures to protect an organization's assets. They assess risks to an organization's security, and develop and implement security plans and procedures. They also oversee security operations and train employees on security awareness. This course may be useful for Security Managers because it provides an overview of the risk management process and how to identify and treat risks to an organization's information assets.
Information Technology Specialist
Information Technology Specialists are responsible for managing and maintaining an organization's IT systems and infrastructure. They install and configure hardware and software, and provide technical support to users. They also perform maintenance and troubleshooting on IT systems. This course may be useful for Information Technology Specialists because it provides an overview of the risk management process and how to identify and treat risks to an organization's information assets.
Computer Network Architect
Computer Network Architects are responsible for designing and implementing an organization's computer networks. They assess network needs and develop network designs, and select and install hardware and software. They also monitor and troubleshoot network performance, and make recommendations for improvements. This course may be useful for Computer Network Architects because it provides an overview of the risk management process and how to identify and treat risks to an organization's information assets.
Systems Analyst
Systems Analysts are responsible for studying and analyzing an organization's systems and procedures. They develop and implement new systems, and modify existing systems. They also provide technical support to users, and train users on new systems. This course may be useful for Systems Analysts because it provides an overview of the risk management process and how to identify and treat risks to an organization's information assets.
Software Engineer
Software Engineers are responsible for designing, developing, and testing software applications. They work with users to gather requirements, and then design and develop software solutions. They also test and debug software, and maintain and update software applications. This course may be useful for Software Engineers because it provides an overview of the risk management process and how to identify and treat risks to an organization's information assets.
Web Developer
Web Developers are responsible for designing and developing websites. They work with clients to gather requirements, and then design and develop websites. They also test and debug websites, and maintain and update websites. This course may be useful for Web Developers because it provides an overview of the risk management process and how to identify and treat risks to an organization's information assets.
Database Administrator
Database Administrators are responsible for managing and maintaining an organization's databases. They install and configure database software, and create and manage databases. They also back up and restore databases, and monitor database performance. This course may be useful for Database Administrators because it provides an overview of the risk management process and how to identify and treat risks to an organization's information assets.
Network Administrator
Network Administrators are responsible for managing and maintaining an organization's computer networks. They install and configure hardware and software, and provide technical support to users. They also monitor and troubleshoot network performance, and make recommendations for improvements. This course may be useful for Network Administrators because it provides an overview of the risk management process and how to identify and treat risks to an organization's information assets.
Computer Programmer
Computer Programmers are responsible for writing and maintaining computer programs. They work with users to gather requirements, and then design and develop computer programs. They also test and debug computer programs, and maintain and update computer programs. This course may be useful for Computer Programmers because it provides an overview of the risk management process and how to identify and treat risks to an organization's information assets.

Reading list

We've selected seven books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in A General Approach to Risk Management.
This publication provides guidance on how to manage information security risk. It is a valuable resource for anyone involved in risk management, and it can be used to supplement the course material on risk management.
This international standard provides guidance on risk management. It is a valuable resource for anyone involved in risk management, and it can be used to supplement the course material on risk management.
Comprehensive reference on risk management. It covers a wide range of topics, including risk assessment, risk management planning, and risk monitoring.
Provides a guide to building an information security management system (ISMS), which is a framework for managing information security risks. It would be valuable as a reference tool for this course.
Provides a comprehensive overview of information security risk management. It covers the key concepts and principles of information security risk management, as well as case studies and examples.
Provides a comprehensive overview of risk management for IT professionals. It is a valuable resource for anyone involved in IT risk management, and it can be used to supplement the course material on risk management.
Provides a comprehensive overview of the CISSP certification. It is a valuable resource for anyone who is preparing for the CISSP certification, and it can be used to supplement the course material on risk management.
