Security Risk Analysis (2020)

From CyberEdWiki

The intent of the Security Risk Analysis Knowledge Unit is to provide students with sufficient understanding of risk assessment models, methodologies and processes such that they can perform a risk assessment of a particular system and recommend mitigations to identified risks.


To complete this KU, students should be able to:

  1. Describe how risk relates to a system security policy.
  2. Describe various risk analysis methodologies.
  3. Evaluate and categorize risk 1) with respect to technology, 2) with respect to individuals, and 3) in the enterprise, and recommend appropriate responses.
  4. Compare the advantages and disadvantages of various risk assessment methodologies.
  5. Select a preferred methodology based on needs, advantages and disadvantages.


  1. Risk Assessment/Analysis Methodologies
  2. Risk Measurement and Evaluation Methodologies
  3. Risk Management Models
  4. Risk Management Processes
  5. Risk Mitigation Economics
  6. Risk Transference/Acceptance/Mitigation
  7. Communication of Risk


  1. Identify and categorize risks in a cyber system.
  2. Describe and evaluate risk mitigation strategies for specific risks.
    • Risk Avoidance.
    • Risk Reduction.
    • Risk Transfer.
    • Risk Acceptance.
  3. Prepare a risk mitigation plan based on proposed strategies, budget, risk appetite, and other considerations.

NICE Framework Categories

Specialization Areas

See also

Related Knowledge Units

Further reading

Suggested textbooks

Suggested academic readings

Sample knowledge test

Sample skills test

Sample abilities test

Additional notes or materials


Reference ID