
Title: Cybersecurity Risk Management

Author for citation: Tong Sun

License for content: Unknown

Publication date: 2024

This is a Rochester Institute of Technology-created course that is released on the edX platform. The introductory eight-week course is designed to help learners "learn about the general information security risk management framework and its practices and how to identify and model information security risks and apply both qualitative and quantitative risk assessment methods." The course is free to take. A verified certificate of completion, via a Verified track from RIT, is available for $399 USD. The class starts January 7, 2024 and runs until March 3, when the free audit track expires. Additional sessions begin March 3 and July 7, 2024.


The edX course description:

"Cybersecurity risk management guides a growing number of IT decisions. Cybersecurity risks continue to have critical impacts on overall IT risk modeling, assessment and mitigation.

In this course, you will learn about the general information security risk management framework and its practices and how to identify and model information security risks and apply both qualitative and quantitative risk assessment methods. Understanding this framework will enable you to articulate the business consequences of identified information security risks. These skills are essential for any successful information security professional.

The goal of this course is to teach students the risk management framework with both qualitative and quantitative assessment methods that concentrate on the information security (IS) aspect of IT risks. The relationship between the IT risk and business value will be discussed through several industry case studies.

First, you will learn about the principles of risk management and its three key elements: risk analysis, risk assessment and risk mitigation. You will learn to identify information security related threats, vulnerability, determine the risk level, define controls and safeguards, and conduct cost-benefit analysis or business impact analysis.

Second, we will introduce the qualitative and quantitative frameworks and discuss the differences between these two frameworks. You will learn the details of how to apply these frameworks in assessing information security risk.

Third, we will extend the quantitative framework with data mining and machine learning approaches that are applicable for data-driven risk analytics. You will explore the intersection of information security, big data and artificial intelligence.

Finally, you will analyze a series of extended case studies, which will help you to comprehend and generalize the principles, frameworks and analytical methods in actual examples.

This offering is part of the RITx Cybersecurity MicroMasters Program that prepares students to enter and advance in the field of computing security."

What you'll learn:

  • "Information security risk management framework and methodologies
  • Identifying and modeling information security risks
  • Qualitative and quantitative risk assessment methods
  • Articulating information security risks as business consequences"


About the authors

The course is taught by Tong Sun, adjunct professor in the Department of Computing Science at Rochester Institute of Technology. She works at a "leading data analytics research lab at PARC, Xerox Company. She received her Ph.D. in Electrical & Computer Engineering from University of Rhode Island, MS in Artificial Intelligence from Huazhong University of Science and Technology in China."


General layout and contents of the course

The introductory unit opens with a discussion of the evolution of information security, followed by a discussion of the risk management process, framework, and life cycle. Week three takes a closer look at the differences between qualitative and quantitative risk assessments, whereas week four addresses the metrics behind information security. Weeks five and six introduce analytical techniques and how the resulting measurements can be automated. The final two weeks of the course look at various case studies to reinforce the prior weeks' discussions.

The course

The course can be found on the edX site, under the Computer Science category. The class starts January 7, 2024 and runs until March 3, when the free audit track expires. Additional sessions begin March 3 and July 7, 2024.