Course details

System Security Certified Practitioner (SSCP 2018): Risk Management

System Security Certified Practitioner (SSCP 2018): Risk Management

Expected Duration
Lesson Objectives
Course Number
Expertise Level


This 12-video course explores risk management when engaging in business activities supported by IT solutions. Prepare for the Systems Security Certified Practitioner (SSCP) certification exam as you examine risk classification, and learn how to identify digital assets and threats, including natural disasters such as floods, fires, or storms; manmade disasters, arson, terrorism; and identity theft. This course demonstrates threat modeling, and the process to use to identify and prioritize threats. You will examine how to optimize resources, and to focus on reducing risks, and explore counter measures in relation to prioritized threats. Next, explore BIA (business impact analysis), and its importance to business continuity. You will learn how a BIA can be incorporated into a DRP (disaster recovery plan) to facilitate recovery of a failed system. Learners will examine the use of a risk registry with the likelihood of the risk occurrence, the business impact should it occur, and a severity rating. You will learn about risk avoidance and mitigation. Finally, you will explore cost efficiencies for risk mitigation.

Expected Duration (hours)

Lesson Objectives

System Security Certified Practitioner (SSCP 2018): Risk Management

  • Course Overview
  • describe how proper risk management can allow businesses to engage in productive activities while maintaining levels of security
  • categorize risks using a risk register and common vulnerability scoring system, and share threat data
  • identify and prioritize potential security threats
  • determine how realized threats can negatively affect business processes
  • apply common risk management frameworks such as ISO and NIST to organizational threats
  • safely engage in endeavors that can present threats
  • offload risks to third parties
  • implement security controls to reduce the impact of realized threats
  • avoid risk by not engaging in activities that present threats
  • use industry-standard calculations to determine the feasibility of implementing a security control
  • implement risk management techniques
  • Course Number:

    Expertise Level