CISM 2022: Managing Risk

Residual risk remains after security controls are put in place to mitigate the impact of threats. The organizational appetite for risk determines what level of residual risk is acceptable.

In this course, you will explore how risk management improves business operations by minimizing the impact of realized threats. You will learn how to calculate the cost of mitigating risk compared to the value of the protected asset, and how to determine the cost-benefit analysis and return on investment when implementing security controls. Next, discover the importance of risk assessments, especially where there are changes to some aspect of the business or a specific business process. You will then explore how various risk approaches, such as risk acceptance, avoidance, transfer, and reduction, apply to an organization's tolerance of residual risk. Lastly, discover how risk heat maps are an effective method for communicating various degrees of risk.

This course can be used to prepare for the Certified Information Security Manager (CISM) exam.