We may earn an affiliate commission when you visit our partners.
(ISC)² Education & Training
Course 2: Understanding Risk Management Options and the Use of Access Controls to Protect Assets
Read more
Course 2: Understanding Risk Management Options and the Use of Access Controls to Protect Assets
Read more
Course 2: Understanding Risk Management Options and the Use of Access Controls to Protect Assets
In this course, we will focus on understanding risk management options and the use of access controls to protect assets. We will start by examining the basic steps that must be in place to develop a security culture within the organization and impacting policies. We will also look into how to write and use them to enforce security requirements. Then we will move on to the actual business of controlling how our systems, services, resources, and data can be accessed safely by authorized persons. We will also cover access control models like MAC, DAC, RBAC, and conclude the chapter with an examination of both LAN and WAN identity management.
Course 2 Learning Objectives
After completing this course, the participant will be able to:
L2.1 - Provide examples of the types of functional security controls and policies for identified scenarios.
L2.2 - Classify various access control models.
L2.3 - Identify components of identity management lifecycle.
L2.4 - Recognize access control and authentication methods.
Course Agenda
Module 1: Document, Implement, and Maintain Functional Security Controls (Domain 1 - Security Operations and Administration)
Module 2: Access Controls Models (Domain 1 - Security Operations and Administration, Domain 2 - Access Controls)
Module 3: Identity Management Lifecycle (Domain 2 - Access Controls)
Module 4: Implement and Maintain Authentication Methods (Domain 2 - Access Controls, Domain 6 - Network and Communication Security)
Who Should Take This Course: Beginners
Experience Required: No prior experience required
Register for this course and see more details by visiting:
OpenCourser.com/course/f61928/risk
Two deals to help you save
Save money when you learn. Here are two deals and offers that may be relevant to this course.
All coupon codes, vouchers, and discounts are applied automatically unless otherwise noted.
Valid until July 14
Coursera Plus Annual
Work toward what's next for your career with access to 10,000+ programs. Discover emerging skills and save.
Up to
40%
off
Get offer
Valid until August 30
Google AI App Builder
Learn how to use Gemini API and API Studio with a three-course series from Google DeepMind
Take
100%
off
Get offer
What's inside
Syllabus
Module 1: Document, Implement, and Maintain Functional Security Controls
In this module we are going to start looking at the pieces that make up a security program. Now that we have examined the process of risk management, we have the information needed to justify the controls and other actions taken to secure and protect the assets of the organization. The core principle of information security must be remembered, which is that security exists solely for the purpose of supporting and enabling the business mission. Our goal as security professionals is not just to be secure but rather to secure the business. Our organizations do not hire us because they are really interested in security; they hire us because management realizes that security is necessary in order for the business to survive.
Senior managers and leaders within the organization focus on achieving efficient use of every resource they have available to them, so that they can maximize the organization’s effectiveness within the marketplaces it serves. Whether it is a for-profit business, a nonprofit organization, or a government agency, the organization (in the words of the motto of the UK’s Royal Air Force Police) has to survive to operate. It has to control the losses due to inefficient business processes, bad weather or criminal attacks. Simply put, information security that minimizes losses and protects high-value assets, processes, goals, and objectives pays for itself, and thus commands support and resources from senior management. Security efforts that do not directly support defending those priorities won’t.
The explosive growth in cyber fraud activities during the pandemic of 2020-2021 and the increase in ransomware and other attacks alike demonstrates how the attackers are learning faster than the defenders. Let’s turn that around, starting with how we think about turning security needs and requirements into effective control strategies.
Read more
Syllabus
Module 1: Document, Implement, and Maintain Functional Security Controls
In this module we are going to start looking at the pieces that make up a security program. Now that we have examined the process of risk management, we have the information needed to justify the controls and other actions taken to secure and protect the assets of the organization. The core principle of information security must be remembered, which is that security exists solely for the purpose of supporting and enabling the business mission. Our goal as security professionals is not just to be secure but rather to secure the business. Our organizations do not hire us because they are really interested in security; they hire us because management realizes that security is necessary in order for the business to survive.
Senior managers and leaders within the organization focus on achieving efficient use of every resource they have available to them, so that they can maximize the organization’s effectiveness within the marketplaces it serves. Whether it is a for-profit business, a nonprofit organization, or a government agency, the organization (in the words of the motto of the UK’s Royal Air Force Police) has to survive to operate. It has to control the losses due to inefficient business processes, bad weather or criminal attacks. Simply put, information security that minimizes losses and protects high-value assets, processes, goals, and objectives pays for itself, and thus commands support and resources from senior management. Security efforts that do not directly support defending those priorities won’t.
The explosive growth in cyber fraud activities during the pandemic of 2020-2021 and the increase in ransomware and other attacks alike demonstrates how the attackers are learning faster than the defenders. Let’s turn that around, starting with how we think about turning security needs and requirements into effective control strategies.
Read more
Traffic lights
Traffic lights
Read about what's good
what should give you pause and
possible dealbreakers
Useful point of entry for foundational understanding of data protection and access control
Provides a suitable starting point for beginners to develop a foundational understanding of data protection and access control
May require additional learning to develop practical skills
Prerequisites or prior experience may be necessary for deeper understanding
Suitable for beginners with no prior experience or knowledge in data protection and access control
May provide a foundational understanding of data protection and access control for those in non-technical roles
Save this course
Create your own learning path.
Save this course to your list so you can find it easily later.
Save
Save
Reviews summary
Essential access controls for security beginners
According to students, this course offers an excellent foundation in risk management and access controls, making it highly recommended for beginners in cybersecurity. Many praise the engaging instructor for providing clear explanations of complex topics like MAC, DAC, and RBAC, often using relatable examples. The course content is generally considered well-structured, covering policies and authentication systematically. While the quizzes reinforced learning effectively, a few learners with prior experience found the course too basic, wishing for more depth or practical exercises beyond theoretical concepts. Overall, it successfully achieves its stated goal for new entrants to the field.
Quizzes are helpful for understanding and retention.
"The quizzes were helpful for reinforcing learning."
"Quizzes tested understanding effectively, helping to solidify concepts covered in the modules."
"I found the integrated quizzes valuable for checking my comprehension and progress throughout the course."
Complex concepts are simplified by the instructor.
"The instructor explained complex concepts like MAC, DAC, and RBAC very clearly."
"The instructor's examples made the concepts relatable and easy to understand."
"Instructor was very engaging, making potentially dry subjects interesting with their delivery."
An excellent starting point for new cybersecurity professionals.
"This course provided an excellent foundation in risk management and access controls."
"Highly recommend for anyone starting in information security. It's perfect for beginners."
"As a beginner, I found this course incredibly helpful; the pace was just right and explanations were easy to follow."
Could benefit from more hands-on activities or case studies.
"It feels more like a conceptual overview rather than a practical guide for implementation."
"I was looking for more practical exercises or case studies rather than just theoretical concepts."
"I wished for more challenge or advanced topics, as it focused primarily on theoretical aspects without much hands-on."
Experienced learners may find the content too superficial.
"Too basic. While it fulfills its promise for beginners, those with some background in IT security might find it repetitive."
"It covers the basics, but I was hoping for more depth on advanced identity management systems."
"For someone like me who has a bit of networking background, it felt like it dragged on the basics."
Activities
Be better prepared
before
your course. Deepen your understanding
during
and
after
it. Supplement your coursework and achieve mastery of the topics covered
in Risk Management: Use of Access Controls to Protect Assets with these
activities:
Review ISO 27002 Standard on Access Control
Show steps
Reviewing the ISO 27002 standard will provide a comprehensive overview of best practices for access control.
Browse courses on
ISO 27002
Show steps
-
Obtain a copy of the ISO 27002 standard.
-
Read the sections on access control.
-
Take notes on the key concepts and requirements.
Volunteer at a Cybersecurity Event
Show steps
Volunteering at an event will introduce you to the latest trends and technologies in cybersecurity, access control and identity management in particular.
Browse courses on
Access Controls
Show steps
-
Find a cybersecurity event in your area.
-
Contact the event organizers and offer to volunteer.
-
Attend the event and participate in the activities.
-
Network with other cybersecurity professionals.
Configure Access Control on a Network Device
Show steps
Configuring access control on a network device will provide hands-on experience with implementing a critical security control.
Browse courses on
Access Controls
Show steps
-
Identify the network device you want to configure.
-
Log in to the device's configuration interface.
-
Navigate to the access control settings.
-
Configure the access control settings according to your organization's security policy.
-
Save the configuration changes.
Five other activities
Expand to see all activities and additional details
Show all eight activities
Compile a List of Identity Management Best Practices
Show steps
Creating a compilation of best practices will provide you with a valuable reference guide for securing your organization's identity management system.
Browse courses on
Identity Management
Show steps
-
Research identity management best practices from reputable sources.
-
Compile a list of the most relevant and applicable best practices.
-
Share the list with your team or organization.
Configure Access Control Lists (ACLs)
Show steps
Following tutorials on configuring ACLs will give you practical experience with implementing an important access control mechanism.
Browse courses on
Access Control Lists
Show steps
-
Find a tutorial on configuring ACLs for your operating system or platform.
-
Follow the steps in the tutorial to configure ACLs for a specific resource.
-
Test the ACLs to ensure they are working as intended.
Develop a Security Control Policy
Show steps
Drafting a custom security policy will help you better understand how to develop and implement security controls within an organization.
Browse courses on
Security Policy
Show steps
-
Identify the scope and objectives of the security policy.
-
Conduct a risk assessment to identify potential threats and vulnerabilities.
-
Develop a list of security controls to mitigate the identified risks.
-
Write the security policy document.
-
Obtain approval for the security policy from management.
Practice Auditing Access Logs
Show steps
Regularly reviewing and analyzing access logs can help you detect and prevent security breaches.
Browse courses on
Access Controls
Show steps
-
Collect access logs from your systems.
-
Use a log analysis tool or service to parse and analyze the logs.
-
Identify any suspicious or unusual activity.
-
Take action to investigate and mitigate any identified threats.
Participate in a CTF Competition
Show steps
Participating in CTF competitions will test your access control knowledge and skills in a fun and challenging environment.
Browse courses on
Access Controls
Show steps
-
Find a CTF competition that is relevant to your interests.
-
Register for the competition.
-
Form a team or participate individually.
-
Solve the challenges and earn points.
-
Have fun and learn!
Review ISO 27002 Standard on Access Control
Show steps
Reviewing the ISO 27002 standard will provide a comprehensive overview of best practices for access control.
Browse courses on
ISO 27002
Show steps
Show steps
Show steps
- Obtain a copy of the ISO 27002 standard.
- Read the sections on access control.
- Take notes on the key concepts and requirements.
Volunteer at a Cybersecurity Event
Show steps
Volunteering at an event will introduce you to the latest trends and technologies in cybersecurity, access control and identity management in particular.
Browse courses on
Access Controls
Show steps
Show steps
Show steps
- Find a cybersecurity event in your area.
- Contact the event organizers and offer to volunteer.
- Attend the event and participate in the activities.
- Network with other cybersecurity professionals.
Configure Access Control on a Network Device
Show steps
Configuring access control on a network device will provide hands-on experience with implementing a critical security control.
Browse courses on
Access Controls
Show steps
Show steps
Show steps
- Identify the network device you want to configure.
- Log in to the device's configuration interface.
- Navigate to the access control settings.
- Configure the access control settings according to your organization's security policy.
- Save the configuration changes.
Five other activities
Expand to see all activities and additional details
Show all eight activities
Compile a List of Identity Management Best Practices
Show steps
Creating a compilation of best practices will provide you with a valuable reference guide for securing your organization's identity management system.
Browse courses on
Identity Management
Show steps
Show steps
Show steps
- Research identity management best practices from reputable sources.
- Compile a list of the most relevant and applicable best practices.
- Share the list with your team or organization.
Configure Access Control Lists (ACLs)
Show steps
Following tutorials on configuring ACLs will give you practical experience with implementing an important access control mechanism.
Browse courses on
Access Control Lists
Show steps
Show steps
Show steps
- Find a tutorial on configuring ACLs for your operating system or platform.
- Follow the steps in the tutorial to configure ACLs for a specific resource.
- Test the ACLs to ensure they are working as intended.
Develop a Security Control Policy
Show steps
Drafting a custom security policy will help you better understand how to develop and implement security controls within an organization.
Browse courses on
Security Policy
Show steps
Show steps
Show steps
- Identify the scope and objectives of the security policy.
- Conduct a risk assessment to identify potential threats and vulnerabilities.
- Develop a list of security controls to mitigate the identified risks.
- Write the security policy document.
- Obtain approval for the security policy from management.
Practice Auditing Access Logs
Show steps
Regularly reviewing and analyzing access logs can help you detect and prevent security breaches.
Browse courses on
Access Controls
Show steps
Show steps
Show steps
- Collect access logs from your systems.
- Use a log analysis tool or service to parse and analyze the logs.
- Identify any suspicious or unusual activity.
- Take action to investigate and mitigate any identified threats.
Participate in a CTF Competition
Show steps
Participating in CTF competitions will test your access control knowledge and skills in a fun and challenging environment.
Browse courses on
Access Controls
Show steps
Show steps
Show steps
- Find a CTF competition that is relevant to your interests.
- Register for the competition.
- Form a team or participate individually.
- Solve the challenges and earn points.
- Have fun and learn!
Career center
Learners who complete Risk Management: Use of Access Controls to Protect Assets will develop knowledge and skills
that may be useful to these careers:
Information Security Analyst
Information Security Analyst
In this role, your primary duty involves analyzing and interpreting data to calculate risk. This course provides a great basis for this kind of work by helping you understand risk management options and the use of access control. Once hired, you will likely work closely with IT and security teams to identify vulnerabilities in computer systems and networks. Those without this foundational knowledge often face difficulty in understanding security policies and procedures.
Security Consultant
Security Consultant
As a Security Consultant, you would be responsible for advising clients on how to improve their security posture. This course will help you build a foundation in risk management, access controls, and identity management - all of which are critical to the role of a Security Consultant.
IT Auditor
IT Auditor
IT Auditors are responsible for ensuring that an organization's IT systems and processes are in compliance with regulatory requirements. This course provides a comprehensive overview of access controls, which are essential for protecting an organization's IT assets.
Risk Manager
Risk Manager
Risk Managers are responsible for identifying, assessing, and mitigating risks to an organization. This course provides a solid foundation in risk management, which is essential for success in this role.
Security Architect
Security Architect
Security Architects design and implement security solutions for organizations. This course provides a comprehensive overview of access controls, which are a critical component of any security architecture.
Cybersecurity Analyst
Cybersecurity Analyst
Cybersecurity Analysts are responsible for monitoring and protecting an organization's IT systems and networks from cyberattacks. This course provides a solid foundation in access controls, which are essential for protecting an organization's IT assets.
Network Security Engineer
Network Security Engineer
Network Security Engineers are responsible for designing, implementing, and maintaining an organization's network security infrastructure. This course provides a comprehensive overview of access controls, which are essential for protecting an organization's network.
Security Operations Center (SOC) Analyst
Security Operations Center (SOC) Analyst
SOC Analysts are responsible for monitoring and responding to security incidents. This course provides a solid foundation in access controls, which are essential for protecting an organization's IT assets.
Incident Responder
Incident Responder
Incident Responders are responsible for investigating and responding to security incidents. This course provides a solid foundation in access controls, which are essential for understanding how to prevent and mitigate security incidents.
Penetration Tester
Penetration Tester
Penetration Testers are responsible for identifying vulnerabilities in an organization's IT systems and networks. This course provides a solid foundation in access controls, which are essential for understanding how to test for and exploit vulnerabilities.
Malware Analyst
Malware Analyst
Malware Analysts are responsible for analyzing and identifying malware. This course provides a solid foundation in access controls, which can help you understand how malware can bypass security controls and infect systems.
Forensic Analyst
Forensic Analyst
Forensic Analysts are responsible for investigating and analyzing evidence of cybercrimes. This course provides a solid foundation in access controls, which can help you understand how to collect and analyze evidence of cybercrimes.
Security Engineer
Security Engineer
Security Engineers are responsible for designing, implementing, and maintaining an organization's security infrastructure. This course provides a solid foundation in access controls, which are essential for designing and implementing a secure infrastructure.
Chief Information Security Officer (CISO)
Chief Information Security Officer (CISO)
CISOs are responsible for overseeing an organization's overall security program. This course provides a comprehensive overview of risk management, access controls, and identity management - all of which are critical to the role of a CISO.
Information Security Manager
Information Security Manager
Information Security Managers are responsible for managing an organization's information security program. This course provides a comprehensive overview of risk management, access controls, and identity management - all of which are critical to the role of an Information Security Manager.
For more career information including salaries, visit:
OpenCourser.com/course/f61928/risk
Reading list
We've selected ten books
that we think will supplement your
learning. Use these to
develop background knowledge, enrich your coursework, and gain a
deeper understanding of the topics covered in
Risk Management: Use of Access Controls to Protect Assets.
Provides a comprehensive overview of access control and identity management, covering topics such as access control models, authentication methods, and identity management best practices. It valuable resource for anyone looking to learn more about this important topic.
Save
Provides a comprehensive overview of information security, covering topics such as security policies, security controls, and security management. It valuable resource for anyone looking to learn more about this important topic.
Save
Provides a comprehensive overview of network security, covering topics such as network attacks, network defense, and network security tools. It valuable resource for anyone looking to learn more about this important topic.
Is the official study guide for the CISSP certification exam. It provides a comprehensive overview of information security, covering topics such as security policies, security controls, and security management. It valuable resource for anyone looking to obtain the CISSP certification.
Provides a comprehensive overview of the security controls for federal information systems and organizations. It valuable resource for anyone looking to implement these security controls in their organization.
Provides a comprehensive overview of security in computing, covering topics such as security threats, security mechanisms, and security management. It valuable resource for anyone looking to learn more about this important topic.
Save
Provides a unique perspective on information security, focusing on the human element of security. It valuable resource for anyone looking to learn more about how to protect information systems from social engineering attacks.
Save
Provides a comprehensive overview of social engineering, covering topics such as social engineering techniques, social engineering tools, and social engineering countermeasures. It valuable resource for anyone looking to learn more about this important topic.
Provides a comprehensive overview of information security risk management, covering topics such as risk identification, assessment, and mitigation. It valuable resource for anyone looking to learn more about this important topic.
Provides a fascinating look at the psychology of security, focusing on how human behavior affects information security. It valuable resource for anyone looking to learn more about this important topic.
For more information about how these books relate to this course, visit:
OpenCourser.com/course/f61928/risk
Share
Similar courses
Similar courses are unavailable at this time. Please try again later.
Level
Introductory
Via
Coursera
Institution
ISC2
Instructor
(ISC)² Education & Training
Language
English
Transcripts
Español
Français
Português
Deutsch
Italiano
中文
العربية
한국어
日本語
हिंदी
Nederlands
Svenska
Pусский
Türkçe
Polski
Ελληνικά
українська мова
Bahasa Indonesia
ไทย
қазақша
This course belongs to a
collection
called
(ISC)² Systems Security Certified Practitioner (SSCP) . It's comprised of seven courses:
- Securing Software, Data and End Points
- Maturing Risk Management
- Incident Detection and Response
- Cloud and Wireless Security
- Introducing Security: Aligning Asset and Risk Management
- Risk Management: Use of Access Controls to Protect Assets (viewing)
- Networks and Communications Security
Our mission
OpenCourser helps millions of learners each year. People visit us to learn workspace skills, ace their exams, and nurture their curiosity.
Our extensive catalog contains over 50,000 courses and twice as many books. Browse by search, by topic, or even by career interests. We'll match you to the right resources quickly.
Find this site helpful? Tell a friend about us.
Affiliate disclosure
We're supported by our community of learners. When you purchase or subscribe to courses and programs or purchase books, we may earn a commission from our partners.
Your purchases help us maintain our catalog and keep our servers humming without ads.
Thank you for supporting OpenCourser.
© 2016 - 2025 OpenCourser