Cybersecurity Risk Management

This course covers the professional practice of cybersecurity risk management considered from the perspective of enterprise governance. It encompasses cybersecurity risk identification, classification, measurement, remediation, monitoring and reporting. Concepts are explained with examples and illustrations to accelerate the learning process.

Connections are made between established risk management principles and attributes of risk unique to cybersecurity. Participants are expected to have some level of experience in risk management principles and practices, but deep expertise in risk management is not required. Participants are not expected to have technology expertise but may expect to develop capability for critical thinking with respect to technology.

The course enhances the awareness of participants at all levels on how to leverage their own experience to develop their understanding of the field of cybersecurity risk management.   

Learning Objectives

The overall objective is to enable and empower risk professionals to confidently, efficiently, and effectively contribute to cybersecurity risk management programs.

Specific skills that will be taught in this course include how to:

• Recognize and examine cybersecurity risk frameworks
• Plan and execute cybersecurity scenario analysis
• Summarize cybersecurity governance structures
• Select and interpret cybersecurity risk indicators

Cybersecurity Risk Frameworks

• Industry
• Regulatory
• Enterprise
  

 Cyber Scenarion Analysis

• Threat Actors
• Security Operations
• Event Categories
• Loss Calculation

 Technology Controls

• Roles and Responsibilities
• Governance Processes

Cybersecurity Risk Metrics

• Key Cyber Risk Indicators
• Cybersecurity Risk Appetite and Tolerance

Jennifer L. Bayuk is a Cybersecurity due diligence expert. She has been a Global Financial Services Technology Risk Management Officer, a Wall Street Chief Information Security Officer, a Big 4 Information Risk Management Consultant, a Manager of Information Technology Internal Audit, a Security Architect, a Bell Labs Security Software Engineer, a Professor of Systems Security Engineering, and a Private Cybersecurity Investigator and Expert Witness. She is currently developing Cybersecurity Frameworks with Decision Framework Systems, Inc. and consulting with TAG-Cyber.

Bayuk has numerous publications on information security management, information technology risk management, information security tools and techniques, cybersecurity forensics, technology-related privacy issues, audit of physical and information systems, security awareness education, and systems security metrics. She is the author of: Stepping through the IS Audit, Stepping through the InfoSec Program, Enterprise Security for the Executive, and author/editor of: Cyberforensics, Cybersecurity Policy Guidebook, Enterprise Information Security and Privacy, and Financial Cybersecurity Risk Management.

Bayuk’s direct technology experience spans enterprise architecture, telecommunications networks, operating systems, database management systems, network management systems, application development and support, technology forensics, business continuity, and operations process. She has Masters Degrees in Computer Science and Philosophy, and a PhD in Systems Engineering. Her certifications include CISSP, CISA, CISM, CGEIT, and a NJ State Private Investigator's License.