MGT415: A Practical Introduction to Cyber Security Risk Management

Provided by SANS
Qualification level
Study type
Distance learning
View Website
View Website

About the course

In this course students will learn the practical skills necessary to perform regular risk assessments for their organizations. The ability to perform risk management is crucial for organizations hoping to defend their systems. There are simply too many threats, too many potential vulnerabilities that could exist, and simply not enough resources to create an impregnable security infrastructure. Therefore every organization, whether they do so in an organized manner or not, will make priority decision on how best to defend their valuable data assets. Risk management should be the foundational tool used to facilitate thoughtful and purposeful defense strategies.


Course Syllabus

MGT415.1: A Practical Introduction to Assessing Cyber Security Risk

CPE/CMU Credits: 6


  • Understanding Risk
  • How to Perform a Simple Risk Assessment
  • Risk Assessment Case Study
  • Formal Risk Management Models & Tools


MGT415.2: A Practical Introduction to Managing Cyber Security Risk

CPE/CMU Credits: 6


  • Control Focused Risk Management
  • Event Focused Risk Management
  • Presenting Risk to Business Owners
  • Risk Remediation & Response
  • Tracking Long Term Risk


Who Should Attend

  • Any security engineers, compliance directors, managers, auditors - basically any SANS alumni potentially.
  • Auditors
  • Directors of security compliance
  • Information assurance management
  • System administrators



  • A basic understanding of information security and information security management topics is helpful for students attending this class. However a strong background in any of these skills is not a pre-requisite for the class. In the class students will be taught a step by step approach for performing a risk assessment regardless of their technical information security or management background.


What You Will Receive

  • Courseware for learning how to perform risk management.
  • A unique course spreadsheet tool for performing risk management.
  • Open source tools for performing risk management.
  • MP3 audio files of the complete course lecture.


You Will Be Able To

  • Perform a complete risk assessment.
  • Inventory an organization's most critical information assets.
  • Assign a data owner and custodian to an information asset.
  • Assign classification values to critical information assets.
  • Prioritize risk remediation efforts as a result of performing a risk assessment.
  • Evaluate risk management models for use in their own organization.

Contact the course provider: