Risk Assessment and Security Planning
Course Overview
How to prepare a Risk Assessment, applied to security planning. Current Intruder data and technical controls are used to help develop a Risk Assessment & Prototype Security Plan.
Goals and Objectives
Upon completion, the student will have the ability to:
• Develop a line management based Risk Assessment & apply system rules
• Prepare graphical support to portray Risk, using common Incident data
• Prepare a Threat Analysis and Technical Controls matrix
• Complete a Technology Protection Operating Guideline (Space Program)
Topics Discussed
• Conducting a Risk Assessment and Structuring a Security Plan (NASA 2810)
• Technology Protection and Control Risk Analysis includes Export Controls
• Security planning software to comply with NASA 2810, using Software Vulnerability Scanning of Operating Systems, automatically posted to a browser-based Database
• Security Policies Applied to the 2810 Requirements
Employs software tailored for NASA 2810; includes a Templated Security Plan Prototype and a structured methodology standard to ensure that Security Plans address key characteristics:
1) Follow the same structured process and appearance
2) Meet stringent System Manager requirements under NASA Guidelines
3) Provide for automatic updates and an Asset Manager
Verification & validation help evaluate risks and apply technical controls. Penetration Testing is used to discover vulnerabilities and to CORRECT them. Models include a Risk Assessment from a Space activity, a 2810 Security Plan, and automated matrices for Security Policies & Security Life Cycle Controls.
Course Benefits
The advantage of this course is that it provides practical skills and applies simulated incident data to hands-on exercises. Students develop skills to implement organizational requirements.
Practical Exercises address the specific details of Risk Assessment, Risk Acceptance and combined Technical and Public Access Controls. Instructor-led Lecture and Hands-on Network-based Exercises.
Course Length: 2 1/2 days