10162116 Cyber Risk Management
Course Information
Description
Through actual cases, this course will take a look at the various types of cyberattacks on businesses, the potential damages and fines, and ways to holistically manage internal and external risks. Cyber Liability Insurance, as a way to transfer risk, will also be examined.
Total Credits
3

Course Competencies
  1. Evaluate a cyber risk within an enterprise risk management environment
    Assessment Strategies
    Exam
    Criteria
    Identify exposures to cyber risk
    Identify one internal and one external cyber risk that a business faces
    Describe the components that make up the cost of risk for a business
    Accurately calculate the cost of risk
    Achieve a 70% or greater score on the exam

  2. Formulate a cyber risk assessment
    Assessment Strategies
    Exam
    Criteria
    Identify two tangible and intangible properties, two liability exposures, and loss of income for a business experiencing a cyber breach
    Achieve a 70% or greater score on the exam

  3. Compare the principles and practices of various data protection regulations
    Assessment Strategies
    Exam
    Criteria
    Differentiate between GDPR and CCPA
    List at least two fines a business is exposed to when data is not protected
    Explain the legal responsibilities of a business with regard to protecting data
    List three key components of both GDPR and CCPA
    Achieve a 70% or greater score on the exam

  4. Evaluate cyber risks associated with third-party data
    Assessment Strategies
    Data flow diagrams
    Criteria
    Identify the at-risk points for a business utilizing third-party data
    Identify one of the top five businesses at risk for a data breach
    List a minimum of three pieces of information for sale on the Dark Web

  5. Identify the “at risk” points in the flow of data
    Assessment Strategies
    Data flow analysis chart
    Criteria
    Identify, with at least 70% accuracy, two specific transactions in an organization where confidential information is shared
    Identify the areas where the information is at risk for a breach
    Diagram includes two transactions
    Diagram identifies what data is being shared

  6. Develop a Data Breach Life Cycle
    Assessment Strategies
    Quiz, Exam, Written Product - Data Breach Lifecycle
    Criteria
    Explain at least two steps to contain losses once a breach is discovered
    Life Cycle is for a particular business concerning one specific breach
    Explain the steps in the Data Breach Life Cycle
    Achieve a 70% or greater score on the quiz and exam

  7. Calculate the associated business costs for lack of planning for a cyber attack
    Assessment Strategies
    Exam
    Criteria
    Describe the business costs such as costs to continue operation and loss of income
    Calculations include loss of productivity, physical location, supply chain, technology, reputation, fines
    Achieve a 70% or greater score on the exam

  8. Apply risk mitigation steps in planning to achieve business continuity
    Assessment Strategies
    Written Product - Business Continuity Plan
    Criteria
    Determine the critical functions of the organization that must be maintained if an interruption occurs
    Outline four strategies that the company can proactively take to stay in business after a loss
    Plan includes strategies such as backup of data, temporary use of another premises, insurance, etc.

  9. Describe the stages of strategic redeployment planning
    Assessment Strategies
    Written Product - Redeployment Plan
    Criteria
    Plan includes the four stages as specified by the instructor
    Plan includes the top priority for each of the four stages
    Achieve a score of 70% or greater

  10. Conduct a Business Impact Analysis (BIA) to determine the operational impact of a technology shutdown
    Assessment Strategies
    Written Product – Business Impact Analysis (BIA)
    Criteria
    Ascertain the importance of the impact on the operations and the finances of a business during a technology shutdown
    Identify the time, with at least 70% accuracy, when the interruption would be at its highest impact for a particular type of business
    Identify one internal and external operational risk
    Identify at least one lawsuit that could arise as the result of a breach

  11. Generate a holistic approach to cyber risk management that includes risk retention, risk transfer and risk control
    Assessment Strategies
    Written Product
    Criteria
    Identify risk management reduction strategies
    Outline the steps a business can take to reduce the risk of a cyber attack, such as employee training, backup of data, limited access to data, etc.
    Achieve a score of 70% or greater

  12. Evaluate insurance coverages that are typically included in a cyber policy
    Assessment Strategies
    Written Product - Q&A, Exam
    Criteria
    Describe the benefits a business would receive from the purchase of a cyber insurance policy
    Differentiate between a cyber policy and a general liability policy
    Achieve a score of 70% or greater on an exam