ISC2
Introducing Security: Aligning Asset and Risk Management

This course is part of (ISC)² Systems Security Certified Practitioner (SSCP)

Taught in English

9,625 already enrolled

Rating: 4.6 (117 reviews)

Beginner level

7 hours (approximately), flexible schedule, learn at your own pace

Shareable certificate

Assessments: 18 quizzes

This course is part of the (ISC)² Systems Security Certified Practitioner (SSCP)
When you enroll in this course, you'll also be enrolled in this Specialization.

There are 5 modules in this course

One of the first questions we should ask is, what is information security? Information security can have completely different meanings for different people. 

What's included

13 videos, 6 readings, 3 quizzes

Asset management deals with the protection of assets that are valuable to the organization as those assets progress through their lifecycle. Therefore, we need to address the security of assets through every stage of their lifecycle, including creation/collection, identification and classification, protection, storage, usage, maintenance, disposal, retention/archiving, and defensible destruction. To properly protect valuable assets, such as information, an organization requires the careful and proper implementation of ownership and classification processes, which ensure that assets receive a level of protection based on their value to the organization.

The enormous increase in the collection of personal information by organizations has resulted in a corresponding increase in the importance of privacy considerations. As a result, privacy protection constitutes an important part of asset security.

Appropriate security controls must be chosen to protect the asset as it progresses through its lifecycle, bearing in mind the requirements of each phase and the handling requirements throughout.

What's included

6 videos, 4 readings, 6 quizzes

In this module we begin to look at the risk management process. Risk management is a critical component of an information security program since it drives the selection of controls used to mitigate business and IT risk. The risk management program manages risk, but it does not eliminate it. All activities have an element of risk associated with them (even doing nothing is risky business), so risk management must be an essential part of every organization’s management and operational plans.

In the IT department, we tend to see risk from a negative viewpoint; it represents the problems and inconvenience associated with IT systems failure. We see risk as what happens when something goes wrong, and we are under pressure to fix the problem as quickly as possible. However, in the rest of the business, risk is seen as opportunity — the chance to take a risk and make a return on investment — and the larger the risk, the greater the possible reward (or loss).

First, a definition: risk is a measure of the extent to which an entity is threatened by a potential circumstance or event. It is often expressed as a combination of (1) the adverse impacts that would arise if the circumstance or event occurs, and (2) the likelihood of occurrence.

Note that information system-related security risks are those risks that arise from the loss or compromise of any of the information security attributes (CIANA+PS) required of information or information systems. Such risk reflects the potential adverse impacts to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the nation.

We see from this definition (which is, first of all, IT based) that risk is associated with threats, impact, and likelihood. But this definition also states that IT risk is a subset of business risk and must be measured by the impact of the risk event on organizational operations, assets, and other third parties.

What's included

5 videos, 4 quizzes

The next step after gaining an understanding of the context for the risk management effort (through the Risk Frame process) is to perform the risk assessment. Risk assessment is the process of identifying risk and then evaluating and prioritizing risk based on the level of importance (severity) of the risk. The final deliverable from the risk assessment process is the communication of risk to management, often through a Risk Assessment Report (RAR) and by updating the risk register.

What's included

14 videos, 8 readings, 4 quizzes

Chapter 1 has shown us how information security exists to support the organization in achieving its goals and priorities by protecting its vital information assets. In doing so, the information security team starts with some very fundamental ideas about information security and applies these to understand the potential risks to those assets. We’ve looked at the most important attributes or characteristics of information security, which the mnemonic CIANA+PS represents: confidentiality, integrity, availability, non-repudiation, authenticity, privacy, and safety. These are the touchstones, the criteria, by which we as information security specialists must measure our successes and our failures.

Managing information risk is a primary part of the information security job. Chapter 1 has begun the process of showing us how to manage these risks, within the framework and context of how the organization manages its information assets. Subsequent chapters and their activities will continue to examine these ideas and concepts.

Last, but certainly not least, chapter 1 reminds us that we are members of the professional cadre of information security specialists. Businesses and governments, as well as individuals and organizations, must be able to trust that their day-to-day activities are using reliable, trustworthy information as their fuel. The ethical duties of due care and due diligence, which we examined in this chapter, provide each of us with the guideposts needed as we put our skills and knowledge to work.

In chapter 2, we examine the actions needed to develop a security culture within the organization. We will delve into using policies to enforce security requirements and how we can safeguard our information systems and ensure their use only by authorized users.

What's included

1 reading, 1 quiz, 1 peer review

Instructor

(ISC)² Education & Training, ISC2
Instructor rating: 4.6 (34 ratings)
20 courses, 73,388 learners

Offered by

ISC2


Learner reviews

4.6 (117 reviews)

  • 5 stars: 81.19%
  • 4 stars: 11.96%
  • 3 stars: 0.85%
  • 2 stars: 2.56%
  • 1 star: 3.41%
