The Security Risk Assessment Handbook

Time to level up. This security risk assessment course turns beginners into experts, one interactive lesson at a time.

(SEC-RISK.AV1) / ISBN: 978-1-64459-736-1

About This Course

Enroll in our security risk assessment course to master the art of identifying threats, analyzing vulnerabilities, and implementing rock-solid safeguards.

In this course, you work through every phase of a professional security risk assessment, from project scoping and data gathering to risk analysis and mitigation. Learn the RIIOT method for bulletproof evaluations, dissect 200+ security controls, and access interactive exercises that turn theory into action.

From small businesses to high-stakes agencies like the CIA and NATO, this training gives you the tools, frameworks, and insider techniques to assess risks like a professional. 

Skills You’ll Get

  • RIIOT Method: Learn to systematically gather, analyze, and report security risk data with a proven framework.
  • Threat & Vulnerability Analysis: Identify critical threats, assess vulnerabilities, and prioritize risks.
  • Risk Mitigation Strategies: Select and implement the right safeguards to reduce risk based on organizational needs.
  • Security Control Evaluation: Assess 200+ administrative, technical, and physical controls.
  • Professional Risk Reporting: Deliver clear, actionable security reports that drive decision-making for stakeholders.
  • Real-World Risk Assessment Execution: Manage full-scale assessments from scoping to final recommendations, just as top agencies (CIA, NATO) do.

1. Introduction

  • The Role of the Chief Information Security Officer
  • Ensuring a Quality Information Security Risk Assessment
  • Security Risk Assessment
  • Related Activities
  • The Need for This Course
  • Who Is This Course For?
  • Exercises
  • Bibliography
2. Information Security Risk Assessment Basics

  • Phase 1: Project Definition
  • Phase 2: Project Preparation
  • Phase 3: Data Gathering
  • Phase 4: Risk Analysis
  • Phase 5: Risk Mitigation
  • Phase 6: Risk Reporting and Resolution
  • Exercises
  • Bibliography
3. Project Definition

  • Ensuring Project Success
  • Project Description
  • Exercises
  • Bibliography
4. Security Risk Assessment Preparation

  • Introduce the Team
  • Review Business Mission
  • Identify Critical Systems
  • Identify Asset Classes
  • Identifying Threats
  • Determine Expected Controls
  • Exercises
  • Bibliography
5. Data Gathering

  • SIDEBAR 5.1 Data Gathering: Tools versus Experience
  • Security Control Representation
  • Evidence Depth
  • The RIIOT Method of Data Gathering
  • Exercises
  • Bibliography
6. Administrative Data Gathering

  • Administrative Threats and Safeguards
  • The RIIOT Method: Administrative Data Gathering
  • Exercises
  • Bibliography
7. Technical Data Gathering

  • Technical Threats and Safeguards
  • The RIIOT Method: Technical Data Gathering
  • Exercises
  • Bibliography
8. Physical Data Gathering

  • SIDEBAR 8.1 Physical Security Assessments
  • Physical Threats and Safeguards
  • The RIIOT Method: Physical Data Gathering
  • Exercises
  • Bibliography
9. Security Risk Analysis

  • Obtaining Measurement Data for Security Risk Analysis
  • Qualitative Security Risk Analysis Techniques
  • Quantitative Security Risk Analysis Techniques
  • Summarizing Security Risk Analysis
  • Exercises
  • Bibliography
10. Security Risk Analysis Worked Examples

  • RIIOT FRAME
  • Exercises
11. Security Risk Mitigation

  • Defining Security Risk Appetite
  • Selecting Safeguards
  • Safeguard Solution Sets
  • Establishing Security Risk Parameters
  • Exercises
12. Security Risk Assessment Reporting

  • Cautions in Reporting
  • Pointers in Reporting
  • Report Structure
  • Document Review Methodology: Create the Report Using a Top-Down Approach
  • Assessment Brief
  • Action Plan
  • Exercises
  • Bibliography
13. Security Risk Assessment Project Management

  • Project Planning
  • Project Tracking
  • Taking Corrective Measures
  • Project Status Reporting
  • Project Conclusion and Wrap-Up
  • Exercises
  • Bibliography
14. Security Risk Assessment Approaches

  • Security Risk Assessment Methods
  • Security Risk Assessment Frameworks
  • Exercises
  • Bibliography

Any questions?
Check out the FAQs


The 5 key steps are:

  • Project Definition: Scope the assessment and set objectives.
  • Data Gathering: Collect security control details (administrative, technical, physical).
  • Risk Analysis: Evaluate threats, vulnerabilities, and potential impact.
  • Risk Mitigation: Recommend safeguards to reduce risk.
  • Reporting & Resolution: Deliver findings and action plans to stakeholders.

This security risk assessment training teaches the RIIOT method to execute these steps effectively.

The three core types are:

  • Physical Risks: Unauthorized access, theft, or damage to hardware/facilities.
  • Technical Risks: Cyber threats (hacking, malware, data breaches).
  • Administrative Risks: Weak policies, human error, or compliance gaps.

The course covers 200+ controls across all three categories.

This cybersecurity risk management course is the fastest way to master it:

  • Step-by-step training: From basics to advanced techniques (like RIIOT FRAME).
  • Hands-on exercises: Practice with gamified tests packed with performance-based questions.
  • Proven methods: Used by CIA, NSA, and NATO.

Risk Assessment Made Simple

  This Security Risk Assessment Course gives you the exact methods to identify vulnerabilities, analyze risks, and implement bulletproof safeguards.

$199.99
