Information Risk Analyst
What is an Information Risk Analyst?
Information Risk Analysts conduct objective, fact-based risk assessments on existing and new systems and technologies, and communicate findings to all stakeholders within the information system. They also identify opportunities
to improve the risk posture of the organization and continuously monitor risk tolerance.
How this role helps my organization
Managing risk is crucial for every organization, and Information Risk Analysts must have the knowledge, skills and authority to match the high stakes. An effective training plan should build that expertise and align with how your organization measures risk. This role also requires solid communication skills so that leadership can make informed decisions on whether to accept the risk, avoid it, transfer it or mitigate it.
What students learn
The Information Risk Analyst Role in Infosec Skills aligns with 76 Knowledge Statements and 14 Skill Statements in the NICE Framework, which primarily roll up to the following competencies:
» Vulnerabilities assessment
» Information assurance
» Information systems/network security
» Infrastructure design
» Data privacy andprotection
» Risk management
» Enterprise architecture
» Systems integration
» System administration
» Encryption
» Information technology assessment
» Systems testing and evaluation
Common tools, frameworks and documentation
NIST Cybersecurity Framework
NIST SP 800-53 NIST SP 800-37 NIST SP 800-171
Vulnerability scanning tools Log management tools
Security technical implementation Guides (STIGs)
Security content automation protocol (SCAP)
Compliance checker (SCC) » Knowledge of information assurance vulnerability
alerts (IAVAs)