Course description
In simple terms, risk is the likelihood of something bad taking place, and the resulting business impact if it does in fact occur. We often talk about the bad things that could happen—that is, the threats, vulnerabilities, and exploits, and the technologies that are used to defend against them—but these are not risks. Senior business leaders need their subject-matter experts in cyber security to advise them not about the technical details (the "what"), but about the risk (the "so what"), and about how an incremental investment in recommended security controls quantifiably reduces that risk. This course covers how to assess security risks, properly defined, how to use these risk assessments to make better-informed recommendations regarding what to do about them, and how to communicate these risks more effectively to business decision makers.
