(ISC)² Education & Training

Course 8: Maturing Risk Management

In management science terms, maturing a process or practice means taking positive steps over time to make it more reliable, repeatable and efficient. In practice, this means getting better every day, while showing the measurements that demonstrate improvement and suggest other opportunities to improve. As we saw in chapters one and two, risk management for information-intensive organizations works best when it uses evidence-based reasoning to identify and characterize issues and to take action as necessary to resolve them. Course eight brings together numerous threads that are intrinsically related to managing the risks associated with information systems. We also know that cyber attack is a risk for every organization. In this course, we will focus on bringing these ideas together in a context of continuous maturity modeling, measuring and monitoring.

Risk alignment works best at the strategic, long-term level of planning. By contrast, risk maturation is most effective when it is built into day-to-day business operations. This is sometimes called operationalizing one's approach to risk management and maturation. Operationalizing risk management asks us to take the life cycle models for systems, software and data and connect or pivot them around business operations. We'll take the view of the workers who use the business logic and the systems, or the people who oversee the robotics and internet of things on the factory or warehouse floor, and see how each of the different security disciplines brings something to them.

This course has five modules. Module one focuses on change management and reveals how this detailed, administratively intense process plays a primary role in protecting information systems. We'll also look at its vital contributions to incident response and remediation.

Module two shows how physical security design principles are used to monitor and control the flow of physical objects in and out of various security zones. This module also considers the operational effects of safety planning and preparation on people and property, as well as on the availability and integrity of systems and information.

Module three provides a different attitude and mindset about empowering and enabling the people in the organization to become more effective contributors to, and proponents of, its information security. Security training programs have too often failed to help people complete their jobs safely and securely. Newer approaches such as microtraining demonstrate that security education and awareness can add value to the security process.

Module four shows that system security assessment should be an ongoing task. Security has always required continuous vigilance and integrity. Formal and informal audits demonstrate just how effective an organization's security controls are, and the process of maturing those controls continues to improve their performance.

Module five brings many of these ideas and concepts together through business continuity and disaster recovery planning. The emphasis will be on the operational support of these tasks, in both the planning and execution stages. We've prepared the foundations so you can bring the concepts covered thus far into a cohesive daily operational context.

Course 8 Learning Objectives

After completing this course, the participant will be able to: 

L8.1 - Identify operational aspects of change management.

L8.2 - Summarize physical security considerations.

L8.3 - Design a security education and awareness strategy.

L8.4 - Recognize common security assessment activities.

L8.5 - Classify the components of a business continuity plan and disaster recovery plan.

Course Agenda

Module 1: Participate in Change Management (Domain 1 - Security Operations and Administration)

Module 2: Physical Security Considerations (Domain 1 - Security Operations and Administration)

Module 3: Collaborate in Security Awareness and Training (Domain 1 - Security Operations and Administration)

Module 4: Perform Security Assessment Activities (Domain 3 - Risk Identification, Monitoring and Analysis)

Module 5: Understand and Support the Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) (Domain 4 - Incident Response and Recovery)

Who Should Take This Course: Beginners

Experience Required: No prior experience required


Syllabus

Module 1: Participate in Change Management
An important function of the IT department is to maintain information systems and to upgrade, enhance and revise those systems as necessary. Information systems are subject to many changes and modifications due to system patches, new technology or functionality, correction of process errors, or system failures. The IT department must be able to manage change in order to support business operations and ensure the security of the systems. The problem is that change itself poses a significant risk to the organization: because of changes, systems may fail, functionality may be lost, security vulnerabilities may be introduced and data integrity may be compromised. This requires the development and implementation of a change management process that entails the documentation, testing and approval of all changes, and that thereby avoids business interruption.
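One way to make the documentation, testing and approval requirements above enforceable rather than merely procedural is to encode them as a gate that every change record must pass before deployment. The following is an added example and is not part of the course or any (ISC)² material; the ChangeRecord fields, the control names and the sample records are hypothetical constructions. It adds two checks a practitioner would want that the paragraph does not spell out: separation of duties (the requester cannot be the only approver) and a mandatory post-implementation review for emergency changes that skip pre-deployment testing, so the emergency path cannot become a permanent bypass of the normal process.

```python
"""Change-control gate: decide whether a proposed change may be deployed.

Added example, not course material. The record format below is a
hypothetical one chosen for illustration; real change-management tools
expose equivalent fields under their own names.
"""
from dataclasses import dataclass, field
from typing import List

# Every change, emergency or not, must carry these documents.
REQUIRED_DOCS = ("description", "risk_assessment", "rollback_plan")


@dataclass
class ChangeRecord:
    change_id: str
    requester: str
    change_type: str                      # "normal" or "emergency"
    description: str = ""
    risk_assessment: str = ""
    rollback_plan: str = ""
    test_evidence: List[str] = field(default_factory=list)  # e.g. test report IDs
    approvers: List[str] = field(default_factory=list)
    post_implementation_review: bool = False


def evaluate_change(rec: ChangeRecord) -> List[str]:
    """Return the list of control failures; an empty list means the change may proceed."""
    failures: List[str] = []

    # Documentation: the change is described, risk-assessed and reversible.
    for doc in REQUIRED_DOCS:
        if not getattr(rec, doc).strip():
            failures.append(f"missing {doc}")

    # Testing: normal changes need evidence before deployment. Emergency changes
    # may deploy first, but only if a post-implementation review is committed to,
    # which is how the normal process catches up with what was bypassed.
    if rec.change_type == "emergency":
        if not rec.post_implementation_review:
            failures.append("emergency change lacks post-implementation review")
    else:
        if not rec.test_evidence:
            failures.append("no test evidence")

    # Approval with separation of duties: the requester cannot approve their own change.
    independent = [a for a in rec.approvers if a != rec.requester]
    if not independent:
        failures.append("no independent approver")

    return failures


def may_deploy(rec: ChangeRecord) -> bool:
    """True only when every control in evaluate_change() is satisfied."""
    return not evaluate_change(rec)


# Constructed sample records (hypothetical people, IDs and content).
SAMPLE_OK = ChangeRecord(
    "CHG-1001", "alice", "normal",
    description="Apply vendor patch to web tier",
    risk_assessment="Low; patch validated in staging",
    rollback_plan="Redeploy previous container image",
    test_evidence=["TR-42"],
    approvers=["bob"],
)
SAMPLE_SELF_APPROVED = ChangeRecord(
    "CHG-1002", "alice", "normal",
    description="Open firewall port for new integration",
    risk_assessment="Medium",
    rollback_plan="Remove rule",
    test_evidence=["TR-43"],
    approvers=["alice"],                   # requester approving herself
)

if __name__ == "__main__":
    for rec in (SAMPLE_OK, SAMPLE_SELF_APPROVED):
        print(rec.change_id, "deploy" if may_deploy(rec) else evaluate_change(rec))
```

Run as a script it prints a verdict per sample record. The gate returns every failed control rather than stopping at the first, so the requester can fix the whole record in one pass and the audit trail records exactly which controls a rejected change missed.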

Traffic lights

Teaches concepts, skills, and background information for certification
Taught by experts with deep experience in the field
Develops skills and knowledge for use in a variety of job roles
Builds a strong foundation for further learning in the field
Includes a variety of learning materials and activities
May require some prior knowledge or experience in the field

Reviews summary

Foundational operational risk management

According to students, this course offers a strong foundation in maturing risk management, making it highly suitable for beginners with no prior experience. Learners appreciate its focus on operationalizing risk management, connecting theoretical concepts to day-to-day business. The curriculum covers essential security domains including change management, physical security considerations, and security awareness and training, alongside system security assessment activities and critical insights into business continuity and disaster recovery planning. Students highlight how the course prepares them to support these plans operationally, though they may find it provides a broad overview rather than deep technical dives, serving as an excellent starting point for further specialization.
Strong conceptual overview, less focus on hands-on application.
"While comprehensive, I anticipate needing more specific, practical training for real-world implementation."
"I found the course strong on concepts and frameworks but less on detailed step-by-step practical guides."
"It provides a great roadmap, but learners might need to seek additional hands-on practice elsewhere."
Emphasizes ongoing improvement and measurement.
"I understood the importance of continuous maturity modeling, measuring, and monitoring in risk management."
"The course highlights taking positive steps over time to make processes more reliable and efficient."
"It truly emphasizes getting better every day and demonstrating improvement through measurements."
Covers diverse, relevant security domains.
"I learned about critical areas like change management and physical security, which are vital for protection."
"The modules on security assessment and BCP/DRP were particularly insightful and broad-reaching."
"It brings together numerous threads intrinsically related to managing information systems risks."
Connects risk management to daily business operations.
"I gained a clear understanding of how to operationalize risk management in my day-to-day work."
"The course helped me pivot life cycle models around business operations effectively."
"It clearly shows how different security disciplines contribute to operational resilience."
Perfect for those new to risk management concepts.
"I found this course perfectly designed for someone with no prior experience in risk management."
"It's a foundational course that clearly introduces complex topics without being overwhelming."
"As a beginner, I appreciated the accessible approach to operational security principles."

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Maturing Risk Management with these activities:
Review change management concepts
Refresh your understanding of change management principles and processes to enhance your comprehension of module 1.
  • Revisit materials from previous courses or certifications related to change management.
  • Review industry articles and case studies on effective change management practices.
  • Attend webinars or online seminars on change management methodologies.
Participate in a discussion forum on change management
Exchange knowledge and insights with peers to deepen your understanding of change management practices.
  • Join online forums or discussion groups dedicated to change management.
  • Engage in discussions, ask questions, and share experiences related to change management.
Conduct a physical security assessment
Engage in a hands-on activity that reinforces the concepts of physical security design and implementation.
  • Identify and document potential threats and vulnerabilities to a physical facility.
  • Assess existing security measures and evaluate their effectiveness.
  • Recommend improvements to enhance physical security and mitigate risks.
Explore microtraining resources
Familiarize yourself with microtraining techniques to enhance your understanding of security awareness and training.
  • Identify online platforms or vendors that provide microtraining content.
  • Enroll in or explore free microtraining modules related to security awareness.
  • Evaluate the effectiveness and applicability of microtraining to your organization.
Attend a workshop on physical security best practices
Gain hands-on experience and practical guidance on implementing physical security measures.
  • Identify and register for workshops or seminars related to physical security.
  • Attend the workshop and actively participate in discussions and exercises.
  • Apply the knowledge and skills gained to enhance your organization's physical security posture.
Design a security assessment plan
Apply your knowledge of security assessment techniques to create a comprehensive plan that aligns with organizational needs.
  • Define the scope and objectives of the security assessment.
  • Identify the assets and systems to be assessed.
  • Select and apply appropriate assessment techniques.
  • Develop a reporting framework to communicate assessment findings.
Contribute to an open-source security awareness project
Apply your understanding of security awareness principles by contributing to community-driven projects.
  • Identify open-source projects focused on security awareness and education.
  • Review the project's documentation and identify areas where you can contribute.
  • Submit code changes, documentation updates, or other contributions that enhance the project.
Develop a business continuity plan (BCP)
Demonstrate your understanding of business continuity principles by creating a comprehensive BCP.
  • Identify critical business functions and their dependencies.
  • Develop a strategy to maintain essential operations during a disruption.
  • Establish communication channels and protocols for incident response.
  • Test and exercise the BCP to ensure its effectiveness.

Career center

Learners who complete Maturing Risk Management will develop knowledge and skills that may be useful to these careers:
Information Security Analyst
An Information Security Analyst uses their technical knowledge to help identify, prevent, and resolve security vulnerabilities across the organization. This course helps those in this role by providing an overview of several aspects of information systems security. It also presents strategies, techniques, and processes for how an organization sets, evaluates, and improves its controls. This makes the course very valuable to anyone who works in this role.
Security Architect
Security Architects design, implement, and maintain an organization's IT security infrastructure. This involves working with a variety of security technologies, including firewalls, intrusion detection systems, and encryption. This course is a valuable resource for Security Architects as it provides them with an overview of several aspects of information systems security. It also walks through security assessment activities commonly performed by security professionals.
IT Auditor
IT Auditors examine an organization's IT systems and processes to ensure that they are secure and compliant with regulations. They may also provide advice on how to improve IT security. The course covers a variety of topics that are relevant to IT Auditors, including change management and physical security considerations.
Security Consultant
Security Consultants provide advice and guidance to organizations on how to improve their IT security. They may also help organizations implement and manage security solutions. This course can be helpful for Security Consultants as it provides an overview of several aspects of information systems security. It also presents strategies, techniques, and processes for how an organization sets, evaluates, and improves its controls. This makes the course very valuable to anyone who works in this role.
Cybersecurity Engineer
Cybersecurity Engineers design, implement, and maintain IT security systems. They may also work to identify and resolve security vulnerabilities. The course covers several topics relevant to this role, including change management, physical security considerations, and security assessment activities.
Security Operations Analyst
Security Operations Analysts monitor an organization's IT systems for security threats. They may also respond to security incidents and investigate security breaches. This course can be helpful for Security Operations Analysts as it provides an overview of several aspects of information systems security. It also presents strategies, techniques, and processes for how an organization sets, evaluates, and improves its controls.
IT Security Manager
IT Security Managers are responsible for overseeing an organization's IT security program. They may also develop and implement security policies and procedures. This course provides a comprehensive overview of the information systems security field and presents strategies, techniques, and processes for how an organization sets, evaluates, and improves its controls. This course may also be useful for professionals seeking career advancement in this role.
Risk Manager
Risk Managers identify, assess, and mitigate risks to an organization. They may also develop and implement risk management plans. This course provides an overview of several aspects of information systems security and may be useful for those seeking a career in this field.
Incident Responder
Incident Responders investigate and resolve security incidents. They may also work to develop and implement incident response plans. This course provides an overview of several aspects of information systems security and may be useful for those seeking a career in this field.
Security Analyst
Security Analysts monitor an organization's IT systems for security threats. They may also investigate security incidents and provide advice on how to improve IT security. This course provides an overview of several aspects of information systems security and may be useful for those seeking a career in this field.
Penetration Tester
Penetration Testers identify and exploit vulnerabilities in an organization's IT systems. They may also provide advice on how to improve IT security. This course provides an overview of several aspects of information systems security and may be useful for those seeking a career in this field.
Compliance Analyst
Compliance Analysts ensure that an organization's IT systems are compliant with regulations. They may also develop and implement compliance programs. This course provides an overview of several aspects of information systems security and may be useful for those seeking a career in this field.
Forensic Analyst
Forensic Analysts investigate computer crimes and cyberattacks. They may also provide evidence for legal proceedings. This course provides an overview of several aspects of information systems security and may be useful for those seeking a career in this field.
Chief Information Security Officer (CISO)
The Chief Information Security Officer (CISO) is responsible for overseeing an organization's IT security program. They may also develop and implement security policies and procedures. This course provides a comprehensive overview of the information systems security field and presents strategies, techniques, and processes for how an organization sets, evaluates, and improves its controls. This course may also be useful for professionals seeking career advancement in this role.
IT Project Manager
IT Project Managers plan and execute IT projects. They may also work to ensure that IT projects are completed on time, within budget, and to the required quality standards. This course provides an overview of several aspects of information systems security and may be useful for those seeking a career in this field.

Reading list

We've selected eight books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Maturing Risk Management.
Complements the course material in Module 1 by providing a comprehensive guide to security risk assessments. It covers various methodologies and techniques, making it a valuable reference for professionals seeking to enhance their understanding of risk assessment.
Aligns with Module 4 and provides valuable insights into network security assessment techniques. It covers network reconnaissance, vulnerability scanning, and penetration testing, making it a useful reference for IT professionals involved in security assessment and testing.
Complements Module 4 by providing a specialized focus on software security assessment. It covers various techniques and tools for identifying and preventing software vulnerabilities, making it a valuable resource for professionals involved in software security testing.
Aligns with Module 5 by providing a comprehensive guide to business continuity and disaster recovery planning for IT professionals. It covers various aspects of planning, including risk assessment, incident response, and recovery strategies.
Provides a comprehensive overview of physical security design, with a focus on architectural and engineering considerations.
Provides a comprehensive overview of disaster recovery planning for IT professionals, with a focus on practical implementation.
Provides a comprehensive overview of incident handling, with a focus on best practices.


© 2016 - 2025 OpenCourser