Cyber risk is one of the top business risks today. Information technology continues to evolve and cyber risk continues to escalate. It is important that all individuals understand the basics of cyber risk and threats. In addition, organizations must learn to develop effective cyber risk programs and appropriately measure cyber risk. This course is complementary to the other Cyber Risk courses this presenter has prepared.

As discussed in the segment on cyber risk management frameworks, multiple risk management frameworks exist and can be effectively utilized by organizations to establish their cyber programs. These learning segments utilize the NIST Framework (National Institute of Standards and Technology (NIST), established by executive order in February 2013) as a template for understanding the various components that should be assessed in relation to cyber risk. Separate segments delved into the specifics of performing a Cyber Risk Assessment (RA) and the “identify” function. This function helps organizations know which assets may be at risk of a cyber-attack or cyber breach. Once assets are identified, the NIST framework suggests organizations then protect those assets.
 

To right-size their cyber security efforts, organizations must develop a process to properly prioritize their assets and apply cost-balanced mitigation controls. This segment will evaluate various methods to assign priorities to identified assets.

All cyber security training programs by this trainer use the framework of the National Institute of Standards and Technology (NIST) as a model. This information is freely available in the public domain. For more detailed information on the framework, please refer to NIST.org.

Learning Objectives
  • Explore how identification of assets ties to prioritization.
  • Identify high-level methods to prioritize risks.
  • Explore how to prioritize using the criticality concept.
  • Explore the use of impacts in assigning priorities.
  • Explore the use of likelihood applied to assigned impact in assigning priority.
  • Explore using criticality components combined with impact and likelihood to assess residual risk. 
Last updated/reviewed: March 11, 2024

Included In Certifications

This course is included in the following Certification Programs:

Corporate Cyber Security Certification (13 Courses)

  1. Cyber Threat – The Modern-Day Fraud: Breaches and Actions
  2. A Primer on Cyber Security Programs and Roles
  3. Cyber Risk Frameworks And Concepts
  4. Cyber Risk Framework - Identify Assets
  5. Cyber Risk Framework - Prioritize Assets
  6. Cyber Risk Framework - Protect Assets
  7. Cyber Risk Framework - Detect Part One
  8. Cyber Risk Framework - Detect Threats Part Two
  9. Cyber Risk Framework - Respond
  10. Cyber Risk Framework - Recover
  11. Cyber Risk Framework - Utilizing The Tier Approach
  12. Fraud and Personal Identity Theft
  13. Fraud and Business Identity Theft
19 Reviews (100 ratings)

Reviews

2
Anonymous Author
Very confusing treatment of risk, impact, and likelihood topics. The discussion departed from very common treatments of these topics. Example: used the term "inherent impact" -- never heard of that. On one of the risk charts, confused "likelihood" with effectiveness of controls.

4
Anonymous Author
This course provides an understanding of how to identify "critical" assets and why these assets are identified as being "critical" and why impact and likelihood of impact are of concern.

4
Member's Profile
Another great course from Lynn Fountain - her experience and insight bring color to the presentation and provide for an engaging and informative learning experience.

4
Anonymous Author
This course fills the gap in NIST materials, explaining the concept of prioritizing the informational assets for further protection measures.

5
Member's Profile
Can you please start adding CISA under the CPE eligibility, Lynn? So much of IA is an umbrella you may as well add us in there :) Thx!

5
Anonymous Author
The course provides a good understanding of prioritizing methods, considering the importance of assets, impact and likelihood.

3
Anonymous Author
The course is general enough for most audiences, but doesn't expand on topics enough for those who work in a cyber-related role.

4
Anonymous Author
This course is great for Risk Managers, particularly those involved in the creation of the strategies, as well as BCP/DRPs

5
Anonymous Author
This course thoroughly describes the process to determine criticality and likelihood to consider in risk assessment.

4
Anonymous Author
Prioritizing assets was an informative and thought out course. I will utilize the ideas presented in this course.

5
Anonymous Author
This course is refreshing and interesting. Nothing surprised me. New auditors will learn more from this training.

5
Member's Profile
The syllabus is very elaborate and detailed. It explains the concepts of prioritizing risks.

4
Anonymous Author
Great course of cyber risk framework - prioritise assets which add value to me

4
Member's Profile
Great course to understand the basics of cyber security/prioritizing.

5
Anonymous Author
Good course, covered objective and was a good learning experience.

5
Anonymous Author
The course was good. It definitely met the learning objectives.

5
Anonymous Author
Cyber Risk Framework - Prioritize Assets excellent course

3
Anonymous Author
Well thought out and acceptable for CPE review purposes.

5
Anonymous Author
Crucial topic for audit function to master and perform

Prerequisites
Course Complexity: Intermediate

No Advanced Preparation or Prerequisites are needed for this course. However, it is recommended to take the other courses in the series prior to completing this one.

Education Provider Information
Company: Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA 95113
Contact: For more information regarding this course, including complaint and cancellation policies, please contact our offices at (408) 400-3993 or send an e-mail to .
Instructor for this course
Course Syllabus
INTRODUCTION AND OVERVIEW
  Introduction to Cyber Risk Assessment – Prioritize Assets for Protection 3:26
  Identify Critical Assets 6:59
  Prioritize 6:38
  Prioritize with Criticality 16:10
  Prioritize Further Utilizing Impacts 9:52
  Prioritize Further Utilizing Impacts Continued.. 9:37
  Applying Likelihood to Impact 2:31
  Integrating Priority with Impact/Likelihood 10:31
  Integrating Priority with Impact:Likelihood Continued & Summary 10:07
CONTINUOUS PLAY
  Cyber Risk Assessment – Prioritize Assets for Protection 1:15:51
SUPPORTING MATERIALS
  Slides: Cyber Risk Assessment – Prioritize Assets for Protection (PDF)
  Cyber Risk Assessment – Prioritize Assets for Protection Glossary/Index (PDF)
REVIEW AND TEST
  REVIEW QUESTIONS quiz
  FINAL EXAM exam