Information Security & Risk Mgt and other MOOCs on Coursera


The conventional way to gain knowledge about a field, before joining the industry, is to get certifications or acquire a degree.  The first can be done by self study but requires a considerable investment of money and suffers from the lack of feedback and interaction among peers. The latter is much more involved experience but costs a lot in both money and time required. It also is not a viable option for people in full time careers. A new entrant to the field is MOOC or Massive Open Online courses pioneered by Coursera

               There are a large number of courses on Coursera and its major rival Udacity.  Though the courses were initially skewed towards computer science but slowly courses on other fields have also also started showing up.  The courses have classes based on Video Lectures supplemented by Quizzes, Mid Term and Final Tests along with peer reviewed assignments. One interesting course for people interested in an InfoSec career is " Building an Information Risk Management Toolkit !"  by Barbara Popovsky. This is second in the series  with the first one being "Information Security and Risk Mgt in Context".    The course is good in content and exposes you to the latest methods in the field of risk management. The present course has started on Jan 7th and its outline as given on the website is given below.

About the Course
In this course, you will explore several structured, risk management approaches that guide information security decision-making. Course topics include: developing and maintaining risk assessments (RA); developing and maintaining risk management plans (RM); regulatory and legal compliance issues affecting risk plans; developing a control framework for mitigating risks; risk transfer; business continuity and disaster recovery planning from the information security perspective.
In this course, you will explore GRC and several structured, risk management approaches that guide information security decision-making. Course topics include
  • GR and the role of GRC in organizations;
  •  theory of risk management;
  • several risk methodologies;
  • end-to-end risk assessment (RA);
  • risk management planning (RM); risk reporting;
  • risk intelligence, risk indicators, and strategic and operational risk.
Learning Objectives
Upon successfully completing this course, you will be able to
  • explain security risk and information risk in the context of government, risk management,  and compliance (GRC);
  • compare/contrast several alternative methods of risk assessment;
  • built your own risk management tool kit;
  • build your own hybrid approach, using multiple tools;
  • do a risk assessment;
  • create a risk management plan; and
  • communicate effectively with senior executives to facilitate their decision-making.
Assessments and Activities
This course includes the following assessments and activities:
  • 2 Peer-graded Assignments worth 30 points each
  • 9 Weekly Quizzes worth 10 points each
  • 1 Final Quiz worth 30 points
  • Weekly Discussions in the Discussion Forums

Have a look at this course and other offerings from Coursera to enhance  your knowledge.


Comments

Post a Comment

Popular posts from this blog

API Security - A risk based approach for CISOs

       APIs or Application Programming Interfaces are the building blocks of modern applications. As the usage of APIs  and API traffic increases it is likely to be the major attack vector for hackers. APIs are utilised for a variety of purposes such as - share data with partners, customers, and other third parties. As per Akamai, 83 % of internet traffic is driven by APis. While APIs are a powerful enabler of digital transformation, they also present new security challenges. In fact, Gartner predicts that in 2023, API abuses will be the most frequent attack vector. To substantiate that prediction, OWASP has come out with a separate OWASP Top 10 for APIs in 2019. Also multiple organisations such as Coinbase and IRCTC have been affected by API security vulnerabilities in their applications.  To tackle this emerging attack vector, CISOs should understand the key risks associated with APIs. These include: Data Breaches or Data Leakages -  Risk of data le...
Read more

2024 Year Review and thoughts

  My review of 2024.  The year was a mixed bag with a overall positive outlook and a few hiccups. My ratings on key parameters  Health - Average  Family - Good  Professional - Good  Career - Good  Finances - Average  Health -  My health has been a mixed bag with several notable improvements and some setbacks. Exercise - I was able to regularly attend Gym and do strength training.  Due to improved leg strength I was able to run a 10 k run in Dec in a time of 67 mins . I was 40th out of 120 runners in the Veteran category which I am satisfied with keeping in mind the several issues I had been having at the start of the year.  Gut Health : My stomach and gut issues continued which led me to a take a nutritionist led meal plan. This has helped but I still continue to have gas and loose motions intermittently  and outside food does not suit me at all. The worry is that my weight has reduced from 68 Kg to 63 Kg in las...
Read more

Key Steps for Building an Effective Data Protection Program: From Analysing Business Needs to Ongoing Protection

Key Steps for Building an Effective Data Protection Program: From Analysing Business Needs to Ongoing Protection In today's world, data is often referred to as the new oil, given its immense value to organisations. Companies have access to vast amounts of data, from customer information to intellectual property and strategic plans.  Over the last decade cyber criminals have targeted organisations repeatedly related to multiple breaches. Some organisations like Uber have faced multiple breaches and even government organisations are not spared as we observed in the Snowden case where confidential data of US  govt was leaked online. Protecting this data has become essential, and having an effective data protection program is crucial to achieving this requirement.  In my role as a CISO for the last five years I have found data protection as the most complex initiative yet most closely related to business enablement. This can be related to protecting customer data to prevent c...
Read more