As organizations become more reliant on IT systems to store all kinds of information, facilitate communication among colleagues and customers, and track business-related statistics, information is becoming more precious and its security increasingly crucial and challenging.

In this course, you'll explore standard information security concepts and the security-related roles within an organization. You'll examine where various security-related responsibilities fall throughout the organization and the importance of solid strategic planning and decision-making when implementing proper information security.

You will also investigate the concept of security governance and the activities involved. Finally, you'll delve into the relationship between an organization's overall business objectives and how information security can promote these.

With information security a key concern for organizations, it is important to understand the basic concepts of information security and the security concepts that fall within this topic, such as those within the world of cybersecurity.

In this course, you'll recall information security fundamentals before examining the broad domains within it. You'll then delve into cybersecurity and explore the various approaches to it.

In addition, you'll examine some practical cybersecurity concepts, such as the CIA triad and the security architecture principle. You'll then investigate the actions that expose us to security risks, the roles we play in maintaining or breaching security, and the various security controls that can be implemented to mitigate security-related risks.

Everyone who connects to the Internet is vulnerable to security threats. Managers need to know the types of security threats their organizations are vulnerable to and their potential impact.

In this course, you'll explore the key terms used in cybersecurity. You'll examine different types of threats, threat actors, and targets. You’ll investigate advanced persistent threats (APTs), insider threats, and uncertainty in relation to cybersecurity, as well as the various types of malware and security threats.

There are security issues everywhere. Managers must keep abreast of security risks and threats.

In this course, you'll identify standard security risks and their origins. You'll also learn about more diverse types of security issues and the potential threats to an organization's security.

You'll be given examples from daily life that expose us to security risks. To wrap up, you'll outline effective methods to reduce common security risks that render organizations vulnerable via different channels.

• Familiarity with key terms and concepts associated with security risk enables security leaders to identify, evaluate, and prioritize security risks. In this course, you'll get familiar with the terminologies, activities, and concepts associated with a security risk management process.
• You'll start by discovering the interdependence between assets, vulnerabilities, threats, and risks. You'll then investigate how to assess risk probability, measure the impact created by it, and the difference between risk appetite and risk tolerance.
• Next, you'll examine the components, benefits, and stages of a risk management process. You'll also identify different methods of treating risk and the importance of implementing controls as a part of a risk-based approach.
• Lastly, you'll recognize the standards for risk management and the advantages of managing and assessing security risk.

• Effective security risk management often begins with proper security risk identification. In this course, you'll examine various components of the risk identification process and different techniques used to identify risk.
• You'll begin by distinguishing between threat and risk. You'll then get familiar with other terminologies and concepts associated with risk identification.
• Moving on, you'll recognize the significance of risk identification in recognizing assets and services that are risk-prone. You'll also investigate different methods used to identify risk and best practices for the risk identification process.
• Later in the course, you'll outline common security-related risks and their impact on different components of an organization. Finally, you'll examine the features of a security risk register, its role in risk management, and how to create one in Microsoft Excel.

• The categorization of security risks is essential for effectively assessing and managing risk. In this course, you'll explore the assessment, classification, and prioritization of security risks.
• You'll begin by outlining the concept of risk assessment and the advantages of different risk assessment techniques. You'll also investigate the features of security assessment methods, such as vulnerability assessment and penetration testing, and discover how to assess security vulnerability.
• Moving on, you'll recognize the significance of risk categorization and how to update a risk register in Microsoft Excel using a four-quadrant risk classification matrix.
• Finally, you'll identify the purpose and process of risk prioritization, and the role of a probability-impact matrix in determining risk levels. You'll then investigate how to use the matrix to prioritize risks on a security risk register.

• Highly effective security leaders recognize that they must prioritize and focus their efforts on managing critical security risks. Therefore, once a security risk is identified, it must be carefully evaluated.
• In this course, you'll identify the activities involved in a risk management process, the importance of risk strategies in the context of work environments, and essential decisions required for managing security risks effectively.
• Moving on, you'll investigate the components of a risk management plan and how to improve a risk management strategy by increasing risk tolerance and risk appetite. You'll also outline the importance of mitigation plans and discover how to create one in Microsoft Word.
• Lastly, you'll recognize the role of risk monitoring and control measures in risk management planning and the factors that shape an organization's approach to making decisions in handling risks.

Final Exam: Evaluating and Planning for Security Risks will test your knowledge and application of the topics presented throughout the Evaluating and Planning for Security Risks track of the Skillsoft Aspire Security Essentials for Decision Makers and Leaders Journey.

• To mitigate cyber, data, cloud, and information security risks, you need solid knowledge of the complete network security process, from network design to continuous monitoring and logging.
• In this course, you'll explore some vital network security concepts and standard techniques for mitigating security risks.
• You'll start by examining the potential vulnerabilities in a network and how these turn into threats. You'll then explore the decisions you need to make to secure the network infrastructure.
• Next, you'll investigate different network zones and tools used for monitoring, detection, and logging.
• You'll finish by outlining a secure network design's characteristics and the recommended guidelines and best practices for network security.
• On completion of this course, you'll be able to plan for network and infrastructure-related security risks using recommended tools, methods, and best practices.

• Physical security is an important but potentially overlooked consideration when implementing network security. In this course, you'll explore what's meant by physical security, how you can implement physical security risk countermeasures, and what the motivations are for doing so.
• You'll start by defining physical security. You'll then investigate the critical decisions you must make when planning for physical security. Next, you'll delve into various types of physical security risks, such as tailgating, and the methods to handle these.
• Moving on, you'll outline the layers of security controls that can be added to increase physical security and recognize the challenges security personnel face in ensuring physical safety.
• Lastly, you'll study how the security principles examined in this course can be used in facility and site design, including internal and perimeter security controls.

• Effective cybersecurity risk management requires intricate knowledge of day-to-day IT security risks, network vulnerabilities, and cyber attacks. In this course, you'll detail several cybersecurity breaches and how best to prevent each one.
• You'll start with a general overview of what comprises security risks before categorizing different types into information, cloud, and data-related risks.
• Next, you'll explore cybercrime methods, the motivations behind them, and the security gaps that invite them in. You'll then use real-life examples to detail some commonplace cyberattacks and crimes.
• Moving on, you'll investigate what's meant by malware and outline best practices to manage worms, viruses, logic bombs, trojans, and rootkits.
• You'll also learn how to safeguard against malware, spyware, ransomware, adware, phishing, zero-day vulnerabilities, DoS, and backdoor attacks.
• By the end of the course, you'll be able to outline guidelines and best practices for securing against the most prevalent types of cybercrimes.

• Social engineering is a security attack method that takes advantage of the social aspect of human nature, which includes trust and interactivity. All members of an organization need to recognize how these subtle and manipulative techniques work and what they can do to avoid falling prey to them.
• In this course, you'll explore what's meant by social engineering, examining standard social engineering techniques, the basic principles of these kinds of attacks, their intended outcomes, who and what they target, and the risks they pose for your organization.
• Moving along, you'll investigate how social engineering is used to launch a cyberattack, study different types of spoofing attacks, and specify best practices to safeguard against social engineering.
• At the end of the course, you'll recognize the objectives of social engineering attacks, how they're carried out, and how to implement security measures to prevent them.

• To keep your organization's data secure, you need to know why your data is at risk and how to protect it using established principles and standards. In this course, you'll explore commonly used techniques to compromise data and how international best practices can help protect against these breaches.
• You'll start by examining three fundamental information security principles, which define information security policy and help identify risks. You'll then outline data breach methods and identify the targets of these threats.
• Next, you'll investigate what's meant by 'the human factor' and why it's key to any attack. You'll then study how technologies to secure data and information work under the hood.
• Moving on, you'll outline primary worldwide information security regulations and governance frameworks. Lastly, you'll examine why the ISO 27017 cloud security principles need to be considered when formulating a cloud security risk management plan.

• To lead security-related decisions in the right direction, those

• in specific job roles need to have a solid comprehension of the
• guidelines, measures, and best practices for effective security
• risk management. In this course, you'll learn how to manage various
• types of risks, including those related to information, cloud, and
• data. You'll explore key countermeasures to safeguard information
• and data both on-premises and in the cloud. You'll also examine
• best practices for cloud security, data management, access control,
• and backup. Additionally, you'll outline common security risk
• scenarios and the best ways to protect data and information,
• including from unintentional exposure. Lastly, you'll study how to
• use data science and AI to detect security threats.

• Natural disasters pose serious security threats. Effective planning and management are required to minimize the damage and loss they could cause.
• In this course, you'll explore various types of natural threats, their impact on assets and data, and what you can do about them.
• You'll examine what the procedure is for preparing for natural disasters as well as dealing with the aftermath. You'll also learn how to do this with human-made disasters, such as terrorism.
• You'll finish the course by diving deeper into how to create an effective emergency action plan for natural disaster risk mitigation.

Practice evaluating and planning for security risks by creating a risk register and identifying risks, applying a probability matrix to identify high risks, performing a vulnerability assessment and creating a risk mitigation plan. This lab is aligned to the Evaluating and Planning for Security Risks track of the Skillsoft Aspire Security for Decision-makers and Leaders journey.

• Effective risk management involves managing risks from external

• as well as internal sources. Because security risks can be
• introduced through internal stakeholder decisions, working with
• them to build awareness of the broad spectrum of security risks and
• their role in mitigating these is essential. In this course, you'll
• explore the internal stakeholder's role in the security landscape
• context. You'll then investigate how to effectively communicate
• with stakeholders regarding their role in preventing security risks
• from being introduced. You'll build on these concepts by examining
• best practices for continual stakeholder engagement using workplace
• example scenarios. You'll then outline various methods of effective
• security health reporting. At the end of this course, you'll be
• able to plan for effective stakeholder communication and
• engagement.

• Hybrid workplaces are an attractive working style for many organizations. However, a functioning and secure hybrid workplace can take some strategic planning and management to achieve.
• By their nature, hybrid workplaces pose various security risks. Security leaders need to educate themselves and their employees on what these risks are and how best to avoid them.
• In this course, you'll explore what a hybrid workplace entails and the resulting security risks. You'll then outline tips and guidelines to secure a hybrid workplace.
• You'll also learn about the security risks of the 'work from home' (WFH) working methodology and guidelines for securing it.
• Upon completing this course, you'll be able to classify the security challenges of a hybrid workplace and WFM situation, outline how to communicate these risks to employees to aid in risk prevention, and recognize the critical decisions when planning for a secure hybrid workplace.

• Adequate risk management requires the policies, procedures,

• standards, and guidelines that encompass effective information
• security governance are in place. This course shows you how to
• incorporate security governance as part of a robust security
• strategy. Examine the many security governance elements. Outline
• how to design, implement, and continually evaluate your strategy
• based on best practices. Define how security governance relates to
• the CIA Triad and distinguish between security governance and
• security management. Furthermore, investigate IT governance
• frameworks and compare centralized, decentralized, and hybrid
• structures. After taking this course, you'll recognize what's
• needed to implement a sound and robust information security
• governance strategy at your organization.

• Security breach incidents need to be handled effectively to prevent further occurrences. An incident management process based on best practices greatly helps deal with and thoroughly learn from incidents.
• Use this course to recognize the steps involved in the incident management process, the dependencies this process has on other processes, and who's involved in incident management.
• Examine the use of incident handling forms and incident prevention measures. Furthermore, study the signs employees should look out for and escalate that indicate a security breach event is occurring.
• After completing this course, you'll recognize how to use the incident management process to identify, manage, and prevent security breach incidents.

• Business continuity planning (BCP) ensures an organization

• functions smoothly during an unplanned incident or disaster. In
• this course, you'll explore what comprises BCP and how you can
• employ its methods before, during, and after a disaster. You'll
• learn about the importance of a business continuity plan and what's
• needed to create an effective one. You'll differentiate a business
• continuity plan from disaster recovery and emergency action plans.
• You'll then investigate some of the individual BCP steps in more
• detail, including the business impact analysis (BIA), risk
• management plan, and incident response plan phases. Moving on,
• you'll study what's involved in post-disaster recovery planning.
• Finally, you'll explore how to achieve business resiliency and
• excellence in the face of a disaster and during a pandemic,
• examining not only how to get back to normal but also how to
• exploit new opportunities and grow.

• Securing a workplace is a collaborative effort and requires contribution from everyone, including employees at all levels. It's a leader's role to educate and encourage everyone to build a security mindset into their daily practices. In this course, you'll learn how to foster a secure workplace.
• You'll start by exploring what comprises a secure workplace before examining best practices for achieving this state. You'll then outline best practices for developing a security policy.
• Next, you'll study how to conduct security awareness training, cultivate an organization-wide security mindset, and encourage employees to take ownership of the security processes.
• Finally, you'll learn about the role of security certifications, specifically the Cyber Maturity Model certification. You'll recognize what it comprises and how it applies to a secure workplace.

Final Exam: Mitigating Security Risks will test your knowledge and application of the topics presented throughout the Mitigating Security Risks track of the Skillsoft Aspire Security Essentials for Decision Makers and Leaders Journey.

• Mitigate security risks by identifying a phishing email,

• creating and sending a phishing email and subscribing to the
• Microsoft Security Notification Service. Then, calculate the
• vulnerability score for a given vulnerability. This lab is aligned
• to the Mitigating Security Risks track of the Skillsoft Aspire
• Security for Decision-makers and Leaders journey.