How does this course differ from other risk management courses?

This course combines theoretical knowledge with practical tools, such as risk registers and quantitative approaches (ALE & PRA), as well as frameworks like ISO 27005 and NIST.You’llalso discover how to enforce risk management in the IT lifecycle, providing practical applicability.

Will I be able to apply risk management frameworks in my role?

Absolutely! This course dives deep into frameworks like Enterprise Risk Management (ERM) and NIST Risk Assessment, helping you apply these structures toidentifyvulnerabilities, assess potential impacts, and create actionable risk management plans in your workplace.

What will I get if I subscribe to this Specialization?

When you enroll in the course, you get access to all of the courses in the Specialization, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile.

Is financial aid available?

Yes. In select learning programs, you can apply for financial aid or a scholarship if you can’t afford the enrollment fee. If fin aid or scholarship is available for your learning program selection, you’ll find a link to apply on the description page.

Information Security Risk Management

Grow your skills with Coursera Plus for $239/year (usually $399). Save now.

Information Security Risk Management

This course is part of CISM Certification Preparation Specialization

Instructor: LearnKartS

Included with

Learn more

4 modules

Gain insight into a topic and learn the fundamentals.

1 week to complete

at 10 hours a week

Flexible schedule

Learn at your own pace

4 modules

Gain insight into a topic and learn the fundamentals.

1 week to complete

at 10 hours a week

Flexible schedule

Learn at your own pace

What you'll learn

Gain a deep understanding of Risk Management principles,includingrisk appetite,tolerance, and capacity to drive informed decision-making.
Master risk identification techniques to assess threats, vulnerabilities, and existing controls, and create comprehensive risk registers.
Learn qualitative and quantitative risk analysis methods like ALE, FAIR, and PRA to evaluate and prioritize risks effectively.
Develop risk response strategies, define ownership, & build communication frameworks to monitor, report, & mitigate risks across the organization.

Details to know

Shareable certificate

Add to your LinkedIn profile

See how employees at top companies are mastering in-demand skills

Learn more about Coursera for Business

logos of Petrobras, TATA, Danone, Capgemini, P&G and L'Oreal

Build your subject-matter expertise

This course is part of the CISM Certification Preparation Specialization

When you enroll in this course, you'll also be enrolled in this Specialization.

Learn new concepts from industry experts
Gain a foundational understanding of a subject or tool
Develop job-relevant skills with hands-on projects
Earn a shareable career certificate

There are 4 modules in this course

Still identifying risks, but unable to quantify or justify them to leadership?

Listing threats isn’t enough. Senior roles require people who can judge impact, prioritize exposure, choose responses, and communicate risk in business terms. And that’s precisely what this course develops. This Information Security Risk Management course develops CISM-aligned risk analysis and decision-making skills. You will learn to: • Establish risk appetite, tolerance, as well as enterprise context • List assets, threats, vulnerabilities, & control gaps • Build structured risk registers and risk scenarios • Apply qualitative and quantitative methods (ALE, FAIR, PRA) • Use NIST and ISO 27005 risk assessment frameworks • Select responses and report risk effectively to stakeholders Unlike other courses, this CISM course combines enterprise frameworks with practical risk analysis techniques. In the end, you’ll confidently assess, rank, and communicate risk to support strategic decisions. Enroll now and become a risk-driven security leader.

This module provides an overview of risk management, covering its key concepts, types of risks, and the risk management framework. You'll also learn about risk appetite, tolerance, and the phases of enterprise risk management.

What's included

9 videos1 reading4 assignments

9 videos Total 36 minutes

Course Introduction 2 minutes
Risk Management Overview 4 minutes
Influencing Factors for Risk Management Program 3 minutes
Risk Universe / Capacity / Appetite / Tolerance 5 minutes
Risk Types 5 minutes
Risk Management Framework 4 minutes
Risk Management Functions 5 minutes
Risk Management in IT Lifecycle 4 minutes
Enterprise Risk Management Phases 4 minutes

1 reading Total 10 minutes

Building a Risk Management Framework 10 minutes

4 assignments Total 72 minutes

Checkpoint Quiz 16 minutes
Checkpoint Quiz 16 minutes
Proficiency Quiz 20 minutes
Proficiency Quiz 20 minutes

This module focuses on identifying and assessing risks, including techniques for asset identification, threat analysis, and documenting risks in a risk register. You'll also learn about identifying vulnerabilities and control deficiencies.

What's included

16 videos1 reading6 assignments

16 videos Total 64 minutes

Module Introduction 1 minute
Risk Identification 6 minutes
Risk Identification Techniques 5 minutes
Risk Identification Process 5 minutes
Asset Identification Process 5 minutes
Identifying Threats & Their Types 6 minutes
Identifying Existing Controls 3 minutes
Details of Vulnerabilities 4 minutes
Identifying Control Deficiency Using Baselines 4 minutes
Identifying Consequences 4 minutes
Risk Documentation 2 minutes
Sample Risk Register 4 minutes
Role of ISM in Risk Identification 4 minutes
Risk Scenarios to Transition from Risk Identification to Risk Analysis 3 minutes
Risk Scenario Factors 6 minutes
How Risk Scenarios are Linked to Risk Analysis 3 minutes

1 reading Total 10 minutes

Analyzing Vulnerabilities and Control Deficiencies 10 minutes

6 assignments Total 135 minutes

Checkpoint Quiz 24 minutes
Checkpoint Quiz 24 minutes
Checkpoint Quiz 12 minutes
Proficiency Quiz 30 minutes
Proficiency Quiz 30 minutes
Proficiency Quiz 15 minutes

This module covers both qualitative and quantitative risk analysis methods, including tools like ALE and FAIR. You'll also explore risk ranking, evaluation, and the risk assessment methodologies used in frameworks like NIST and ISO 27005.

What's included

16 videos6 assignments

16 videos Total 70 minutes

Module Introduction 1 minute
Risk Analysis Overview 5 minutes
Risk Analysis Methods 6 minutes
Qualitative Risk Analysis – Overview 5 minutes
Quantitative Risk Analysis – Overview 5 minutes
Annualized Loss Expectancy (ALE) 4 minutes
FAIR (Factor Analysis of Information Risk) 6 minutes
HARM—Holistic Approach to Risk Management 5 minutes
Probabilistic Risk Assessment (PRA) 4 minutes
Other Risk Analysis Methods 5 minutes
Risk Ranking 4 minutes
Correlating Risk Analysis, Ranking, and Evaluation 3 minutes
Risk Evaluation 5 minutes
Risk Assessment 4 minutes
NIST Risk Assessment Methodology 5 minutes
ISO 27005 Risk Assessment Process Steps 4 minutes

6 assignments Total 135 minutes

Checkpoint Quiz 12 minutes
Checkpoint Quiz 24 minutes
Checkpoint Quiz 24 minutes
Proficiency Quiz 15 minutes
Proficiency Quiz 30 minutes
Proficiency Quiz 30 minutes

This module teaches risk response options, workflows, and decision-making between risk acceptance and ignorance. You'll also learn how to communicate risks effectively to stakeholders and monitor ongoing risk management efforts.

What's included

13 videos1 reading6 assignments

13 videos Total 43 minutes

Module Introduction 1 minute
Risk Response Options 5 minutes
Risk Response Workflow 4 minutes
Selecting Risk Response 6 minutes
Risk Acceptance vs Risk Ignorance 3 minutes
What Is Risk Ownership? 2 minutes
Relationship Between Risk and Control 4 minutes
Risk Owner vs Control Owner 4 minutes
Risk Monitoring 2 minutes
Risk Reporting 2 minutes
Reporting Risk Changes to Stakeholders 3 minutes
Risk Communication, Awareness, and Consulting 3 minutes
Summary 3 minutes

1 reading Total 10 minutes

Defining Risk Ownership and Control Structures 10 minutes

6 assignments Total 99 minutes

Checkpoint Quiz 16 minutes
Checkpoint Quiz 12 minutes
Checkpoint Quiz 16 minutes
Proficiency Quiz 20 minutes
Proficiency Quiz 15 minutes
Proficiency Quiz 20 minutes

Earn a career certificate

Add this credential to your LinkedIn profile, resume, or CV. Share it on social media and in your performance review.

Instructor

LearnKartS

145 Courses 186,699 learners

Offered by

LearnKartS

Explore more from Security

LearnKartS
Information Security Governance
Course
LearnKartS
Information Security Program Management
Course
LearnKartS
Information Security Incident Management
Course

Why people choose Coursera for their career

Felipe M.

Learner since 2018

"To be able to take courses at my own pace and rhythm has been an amazing experience. I can learn whenever it fits my schedule and mood."

Jennifer J.

Learner since 2020

"I directly applied the concepts and skills I learned from my courses to an exciting new project at work."

Larry W.

Learner since 2021

"When I need courses on topics that my university doesn't offer, Coursera is one of the best places to go."

Chaitanya A.

"Learning isn't just about being better at your job: it's so much more than that. Coursera allows me to learn without limits."

Open new doors with Coursera Plus

Unlimited access to 10,000+ world-class courses, hands-on projects, and job-ready certificate programs - all included in your subscription

Learn more

Advance your career with an online degree

Earn a degree from world-class universities - 100% online

Explore degrees

Join over 3,400 global companies that choose Coursera for Business

Upskill your employees to excel in the digital economy

Learn more

Frequently asked questions

You will be taught how toidentify, analyze,assess,and respond tosecurityrisks.This CISM certification training course typicallyaddressesrisk management frameworks, identification techniques, vulnerability analysis, methods for quantitative and qualitative risk analysis, riskevaluationand response options as well ashow tocommunicateeffectively about risks.

Yes!It’ssuitable for beginnersand seasonedprofessionals. You begin with the basics of risk management and work on to more advanced topics such asrisk ranking, vulnerability analysis, andusing ERM systems in practice.

ThisCISM trainingcourse willlook intodifferent risk responses such as acceptance, avoidance, andmitigation.You will learn how to choose the right response based on risk ranking andorganizationalcapacity and recognize the importanceof risk ownership,as well as controls in mitigating security risks.

To access the course materials, assignments and to earn a Certificate, you will need to purchase the Certificate experience when you enroll in a course. You can try a Free Trial instead, or apply for Financial Aid. The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.