Chapter 2.  Day 2 – Security and Risk Management - Risk Management, Business Continuity, and Security Education

This chapter gives an overview of risk management, business continuity, and security education using a high-level illustration. Understanding and applying risk management concepts, threat modeling, and establishing business continuity requirements are some of the main topics covered in this chapter. A brief overview of integrating security risk considerations into information systems' acquisition, strategy, and practice are covered. Establishing and managing information security education, training, and awareness programs and recommendation of best practices are provided towards the end of the chapter.