Information Risk Analyst

What is an Information Risk Analyst?

Information Risk Analysts conduct objective, fact-based risk assessments on existing and new systems and technologies, and communicate findings to all stakeholders within the information system. They also identify opportunities

to improve the risk posture of the organization and continuously monitor risk tolerance.

How this role helps my organization

Managing risk is crucial for every organization, and Information Risk Analysts must have the knowledge, skills and authority to match the high stakes. An effective training plan should build that expertise and align with how your organization measures risk. This role also requires solid communication skills so that leadership can make informed decisions on whether to accept the risk, avoid it, transfer it or mitigate it.

What students learn

The Information Risk Analyst Role in Infosec Skills aligns with 76 Knowledge Statements and 14 Skill Statements in the NICE Framework, which primarily roll up to the following competencies:

»  Vulnerabilities assessment

»  Information assurance

»  Information systems/network security

»  Infrastructure design

»  Data privacy andprotection

»  Risk management

» Enterprise architecture 

» Systems integration
» System administration 

» Encryption

» Information technology assessment

» Systems testing and evaluation

Common tools, frameworks and documentation

• NIST Cybersecurity Framework

• NIST SP 800-53 NIST SP 800-37 NIST SP 800-171

• Vulnerability scanning tools Log management tools

• Security technical implementation Guides (STIGs)

• Security content automation protocol (SCAP)

• Compliance checker (SCC) » Knowledge of information assurance vulnerability

• alerts (IAVAs)