This course is part of the (ISC)² Systems Security Certified Practitioner (SSCP)

4.7
stars
41 ratings

(ISC)² Education & Training

3,558 already enrolled

Offered By

(ISC)² Systems Security Certified Practitioner (SSCP) (ISC)²

About this Course

31,816 recent views

Course 1 -  Introducing Security and Aligning Asset Management to Risk Management
In this course, we're going to start by discussing the security concepts, identifying corporate assets, and discussing the risk management process. 

Course 1 Learning Objectives

After completing this course, the participant will be able to:  

L1.1 - Classify information security and security concepts.  
L1.2 - Summarize components of the asset management lifecycle.  
L1.3 - Identify common risks and vulnerabilities.  
L1.4 - Provide examples of appropriate risk treatment. 

Course Agenda

Module 1: Understand Security Concepts (Domain 1 - Security Operations and Administration)
Module 2: Participate in Asset Management (Domain 1 - Security Operations and Administration)
Module 3: Understand the Risk Management Process (Domain 3 - Risk Identification, Monitoring and Analysis)
Module 4: Understand the Risk Treatment Process (Domain 3 - Risk Identification, Monitoring and Analysis)

Who Should Take This Course: Beginners

Experience Required: No prior experience required

Flexible deadlines

Reset deadlines in accordance to your schedule.

Shareable Certificate

Earn a Certificate upon completion

100% online

Start instantly and learn at your own schedule.

Course 1 of 8 in the

(ISC)² Systems Security Certified Practitioner (SSCP)

Beginner Level

No prior experience required

Approx. 7 hours to complete

English

Could your company benefit from training employees on in-demand skills?

Try Coursera for Business

Skills you will gain

Asset
Risk Management

Flexible deadlines

Reset deadlines in accordance to your schedule.

Shareable Certificate

Earn a Certificate upon completion

100% online

Start instantly and learn at your own schedule.

Course 1 of 8 in the

(ISC)² Systems Security Certified Practitioner (SSCP)

Beginner Level

No prior experience required

Approx. 7 hours to complete

English

Could your company benefit from training employees on in-demand skills?

Try Coursera for Business

Instructor

Instructor rating

4.46/5 (15 Ratings)

(ISC)² Education & Training

Education & Training

42,421 Learners

19 Courses

Offered by

(ISC)²

See how employees at top companies are mastering in-demand skills

Learn more about Coursera for Business

Syllabus - What you will learn from this course

Week1

Week 1

2 hours to complete

Module 1: Understand Security

2 hours to complete

6 readings

2 hours to complete

Module 2: Participate in Asset Management

Asset management deals with the protection of valuable assets to the organization as those assets progress through their lifecycle. Therefore, we need to address the security of assets all through the stages of their lifecycle including creation/collection, identification and classification, protection, storage, usage, maintenance, disposal, retention/archiving and defensible destruction of assets. To properly protect valuable assets, such as information, an organization requires the careful and proper implementation of ownership and classification processes, which can ensure that assets receive the level of protection based on their value to the organization. 

The enormous increase in the collection of personal information by organizations has resulted in a corresponding increase in the importance of privacy considerations. As a result, privacy protection constitutes an important part of asset security.  Appropriate security controls must be chosen to protect the asset as it progresses through its lifecycle, bearing in mind the requirements of each phase and the handling requirements throughout.

2 hours to complete

4 readings

4 readings

Identification of Assets4mInformation Asset Ownership2mOperations/Maintenance1mThird Party/Outsourcing Implications5m

6 practice exercises

Applied Scenario 1 Review: Data Retention and Disposal10mKnowledge Check: Protecting Assets6mKnowledge Check: Determining Asset Value6mKnowledge Check: Information Asset Inventory18mActivity 2: Information Asset Risk Management4mKnowledge Check: Asset Management4m

Week2

Week 2

1 hour to complete

Module 3: Understand the Risk Management Process

In this module we begin to look at the risk management process. Risk management is a critical component of an information security program since it drives the selection of controls used to mitigate business and IT risk. The risk management program manages risk, but it does not eliminate it. All activities have an element of risk associated with them (even doing nothing is risky business), so risk management must be an essential part of every organization’s management and operational plans. 

In the IT department, we tend to see risk from a negative viewpoint; it represents the problems and inconvenience associated with IT systems failure. We see risk as what happens when something goes wrong, and we are under pressure to fix the problem as quickly as possible. However, in the rest of the business, risk is seen as opportunity — the chance to take a risk and make a return on investment — and the larger the risk, the greater the possible reward (or loss).  First, a definition of risk is a measure of the extent to which an entity is threatened by a potential circumstance or event. It is often expressed as a combination of (1) the adverse impacts that would arise if the circumstance or event occurs, and (2) the likelihood of occurrence.   Note that information system-related security risks are those risks that arise from the loss or compromise of any of the information security attributes (CIANA+PS) required of information or information systems. It reflects the potential adverse impacts to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the nation.  We see from this definition (which is, first of all, IT based) that risk is associated with threats, impact, and likelihood. But this definition also states that IT risk is a subset of business risk and must be measured by the impact of the risk event on organizational operations, assets, and other third parties.

1 hour to complete

2 hours to complete

Module 4: Understand the Risk Treatment Process

The next step after gaining an understanding of the context for the risk management effort (through the Risk Frame process) is to perform the risk assessment. Risk assessment is the process of identifying risk and then evaluating and prioritizing risk based on the level of importance (severity) of the risk. The final deliverable from the risk assessment process is to communicate risk to management often through a Risk Assessment Report (RAR) and by updating the risk register.

2 hours to complete

8 readings

Week3

Week 3

1 hour to complete

Module 5: Chapter 1 Review

Chapter 1 has shown us how information security exists to support the organization in achieving its goals and priorities by protecting its vital information assets. In doing so, the information security team starts with some very fundamental ideas about information security and applies these to understand the potential risks to those assets. We’ve looked at the most important attributes or characteristics of information security, which the mnemonic CIANA+PS represents: confidentiality, integrity, availability, non-repudiation, authenticity, privacy, and safety. These are the touchstones, the criteria, by which we as information security specialists must measure our successes and our failures. 

Managing information risk is a primary part of the information security job. Chapter 1 has begun the process of showing us how to manage these risks, within the framework and context of how the organization manages its information assets. Subsequent chapters and their activities will continue to examine these ideas and concepts.  Last, but certainly not least, chapter 1 reminds us that we are members of the professional cadre of information security specialists. Businesses and governments, as well as individuals and organizations, must be able to trust that their day-to-day activities are using reliable, trustworthy information as their fuel. The ethical duties of due care and due diligence, which we examined in this chapter, provide each of us with the guideposts needed as we put our skills and knowledge to work.  In chapter 2, we examine the actions needed to develop a security culture within the organization. We will delve into using policies to enforce security requirements and how we can safeguard our information systems and ensure their use only by authorized users.

1 hour to complete

1 reading

Reviews

4.7

20 reviews

5 stars
80.48%
4 stars
12.19%
3 stars
2.43%
2 stars
4.87%

TOP REVIEWS FROM INTRODUCING SECURITY: ALIGNING ASSET AND RISK MANAGEMENT

by SKOct 11, 2022

Thank you so much, it’s very professional and informative course

by JMDec 5, 2022

Great videos, the tests were a little off between mixed material and grading

by SSNov 1, 2022

Aligning Asset and Risk Management Course provides sufficient guidance to the learner to perform the duties assigned to the professional who is working in the field.

by PKDec 13, 2022

Nice experience. This is my first course in which i have went through peer assessment and review.Totally overwhelming , Great content.

View all reviews

About the (ISC)² Systems Security Certified Practitioner (SSCP)

Pursue better IT security job opportunities and prove knowledge with confidence. The SSCP Professional Training Certificate shows employers you have the IT security foundation to defend against cyber attacks – and puts you on a clear path to earning SSCP certification.

Learn on your own schedule with 120-day access to content aligned with the latest (ISC)2 SSCP exam domains. We’re offering the complete online self-paced program for only $1,000 – a $200 savings when you get all domains bundled together. 3 Steps to Career Advancement 1. Register for the course 2. Gain access for 120 days 3. Register and sit for the SSCP certification exam Upon completing the SSCP Professional Certificate, you will: 1. Complete six courses of preparing you to sit for the Systems Security Certified Practitioner (SSCP) certification exam as outlined below. Course 1 - Access Controls Course 2 - Security Operations and Administration Course 3 - Risk Identification, Monitoring, and Analysis/Incident Response and Recovery Course 4 - Cryptography Course 5 - Network and Communication Security Course 6 - Systems and Application Security 2. Receive a certificate of program completion. 3. Understand how to implement, monitor and administer an organization’s IT infrastructure in accordance with security policies and procedures that ensure data confidentiality, integrity and availability.

(ISC)² Systems Security Certified Practitioner (SSCP)

Frequently Asked Questions

When will I have access to the lectures and assignments?
Access to lectures and assignments depends on your type of enrollment. If you take a course in audit mode, you will be able to see most course materials for free. To access graded assignments and to earn a Certificate, you will need to purchase the Certificate experience, during or after your audit. If you don't see the audit option:
The course may not offer an audit option. You can try a Free Trial instead, or apply for Financial Aid.
The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.
What will I get if I subscribe to this Certificate?
When you enroll in the course, you get access to all of the courses in the Certificate, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile. If you only want to read and view the course content, you can audit the course for free.
What is the refund policy?
If you subscribed, you get a 7-day free trial during which you can cancel at no penalty. After that, we don’t give refunds, but you can cancel your subscription at any time. See our full refund policy.

More questions? Visit the Learner Help Center.

Build employee skills, drive business results

Discover Coursera for Business

Introducing Security: Aligning Asset and Risk Management

About this Course

Skills you will gain