Module 4: Risk Management
Description
This module covers cybersecurity critical infrastructure and risk management. It introduces the NIST Cybersecurity Framework, the structure of the framework, and how it is used. It also describes the processes of risk management in the framework—framework basics, structure, and a business process management approach to implementing and applying the framework.
Objectives
| # | Revised Bloom’s Taxonomy | Objective | Slide # | Act. 1 | Team Act | Assess Ques # |
|---|---|---|---|---|---|---|
| 4.1 | Understand | Identify basic security service principles (confidentiality, integrity, availability, and authentication) and their relative importance to CI systems. | 3, 4 | N/A | 3 | |
| 4.2 | Understand | Identify various risk management frameworks and standards, such as the NIST Cybersecurity Framework and the North American Electricity Reliability Council (NERC). | 5 -11 | N/A | X | 1, 4 |
| 4.3 | Understand | Identify the components of the CSF and how they are used to identify and manage risk. | 12 – 19 | N/A | 5, 8, 9 | |
| 4.4 | Understand | Identify basic risk management principles. | 21 – 23 | N/A | 2, 6, 7 | |
| 4.5 | Understand | Understand how the framework process holistically manages risk. | 24 – 32 | N/A | X | 10 |
