Security Risk Analysis (2020)
The intent of the Security Risk Analysis Knowledge Unit is to provide students with sufficient understanding of risk assessment models, methodologies, and processes that they can perform a risk assessment of a particular system and recommend mitigations for the identified risks.
To complete this KU, students should be able to:
- Describe how risk relates to a system security policy.
- Describe various risk analysis methodologies.
- Evaluate and categorize risk 1) with respect to technology, 2) with respect to individuals, and 3) in the enterprise, and recommend appropriate responses.
- Compare the advantages and disadvantages of various risk assessment methodologies.
- Select a preferred methodology based on needs, advantages and disadvantages.
- Risk Assessment/Analysis Methodologies
- Risk Measurement and Evaluation Methodologies
- Risk Management Models
- Risk Management Processes
- Risk Mitigation Economics
- Risk Transference/Acceptance/Mitigation
- Communication of Risk
- Identify and categorize risks in a cyber system.
- Describe and evaluate risk mitigation strategies for specific risks.
- Risk Avoidance.
- Risk Reduction.
- Risk Transfer.
- Risk Acceptance.
- Prepare a risk mitigation plan based on proposed strategies, budget, risk appetite, and other considerations.
NICE Framework Categories
- Data Management Systems Security
- Data Security Analysis
- Industrial Control Systems-SCADA Security
- Secure Cloud Computing
- Secure Mobile Technology