Security Risk Analysis (2020)

From CyberEdWiki

The intent of the Security Risk Analysis Knowledge Unit is to provide students with sufficient understanding of risk assessment models, methodologies and processes such that they can perform a risk assessment of a particular system and recommend mitigations to identified risks.


After completing the KU, students will be able to:

  1. Analyze how risk relates to a system security policy.
  2. Assess various risk analysis methodologies.
  3. Evaluate and categorize risk:
    1. With respect to technology
    2. With respect to individuals
    3. With respect to the enterprise
    4. Recommend appropriate responses.
  4. Compare the advantages and disadvantages of various risk assessment methodologies.
  5. Prepare a preferred methodology based on needs, advantages and disadvantages.


  1. Risk Assessment/Analysis Methodologies
  2. Risk Measurement and Evaluation Methodologies
  3. Risk Management Models
  4. Risk Management Processes
  5. Risk Mitigation Economics
  6. Risk Transference/Acceptance/Mitigation
  7. Communication of Risk


  1. Identify and categorize risks in a cyber system.
  2. Describe and evaluate risk mitigation strategies for specific risks.
    • Risk Avoidance.
    • Risk Reduction.
    • Risk Transfer.
    • Risk Acceptance.
  3. Prepare a risk mitigation plan based on proposed strategies, budget, risk appetite, and other considerations.

NICE Framework Categories

CSEC 2017 Categories

Specialization Areas

See also

Related Knowledge Units

Further reading

Suggested textbooks

Suggested academic readings

Sample knowledge test

Sample skills test

Sample abilities test

Additional notes or materials

Reference ID