Coursera

CISM: Enterprise Risk Leadership

Whizlabs via Coursera

Overview

CISM: Enterprise Risk Leadership is the second course of the Exam Prep CISM: Certified Information Security Manager Specialization. This course equips learners to explore the fundamental stages of identifying, assessing, and communicating information security risks while aligning risk appetite with organizational objectives. The curriculum dives deep into the technical and strategic aspects of risk assessment, the implementation of robust controls and countermeasures, and the critical role of defining Recovery Time Objectives (RTO) to ensure business continuity.

The course is structured into comprehensive modules, further segmented by Lessons and Video Lectures that blend management-level theory with practical application. It provides approximately 2:00–2:30 hours of video content. To ensure mastery of the material, Graded and Ungraded Quizzes are provided with every module, testing the ability of learners to evaluate impact and monitor risk in real-world business scenarios.

  • Module 1: Risk Management Fundamentals
  • Module 2: Risk Assessment and Analysis
  • Module 3: Risk Treatment and Communication

This course is specifically designed for security leads and management-track professionals who aim to bridge the gap between technical risk assessments and enterprise-wide strategic planning, ensuring that Information Security Risk Management aligns with the organization's risk appetite and long-term business objectives.

By the end of this course, a learner will be able to:

  • Establish Continuous Risk Monitoring and Governance.
  • Implement Continuous Governance and Communication.
  • Master Stakeholder Communication and Reporting.

Syllabus

  • Risk Management Fundamentals
    • Welcome to Week 1. This week, we will dive into the essential frameworks and practical applications of Information Risk Management and Compliance to protect organizational assets. We will transition into the selection and implementation of Controls and Countermeasures designed to mitigate identified risks effectively. A key focus will be placed on technical recovery metrics, specifically understanding the Recovery Time Objective (RTO) and its role in resilience planning. Finally, we will cover Risk Monitoring and Communication to ensure that risk status is continuously tracked and reported to stakeholders, providing a comprehensive Risk Management Overview that bridges the gap between technical security and executive oversight.
  • Risk Assessment and Analysis
    • Welcome to Week 2. This week, we will begin by establishing a shared language through Information Security Risk Management Concepts, providing the framework necessary for Implementing Risk Management within any organizational structure. You will engage in a Risk Assessment: Deep Dive to uncover hidden vulnerabilities, followed by an exploration of how to select and validate Controls and Countermeasures. To ensure operational resilience, we will examine the critical role of Recovery Time Objectives (RTO) and the necessity of Testing Response and Recovery Plans under realistic conditions. Finally, we will cover the essential processes for Information Security Risks Assessment and the continuous nature of Risk Monitoring and Communication to keep stakeholders informed of the evolving threat landscape.
  • Risk Treatment and Communication
    • This week, we begin with an Information Risk Management - Introduction to align our efforts with business goals, followed by a structured look at the Stages of Information Security and Risk Management to provide a clear roadmap for execution. You will explore Good Practices for Managing Information Risk and learn the nuances of Managing Information Security Risk in dynamic environments. A core focus will be on Developing Cyber Risk Management Strategy to ensure long-term protection, alongside the selection of appropriate Impact Controls to minimize the effects of potential incidents. Finally, we will emphasize the critical human element: Information Risk Management - Communication, ensuring that technical findings are translated into actionable intelligence for executive decision-makers.

Taught by

Whizlabs Instructor
