Basic InfoSec terminology Understanding why risk management is importantUnderstanding assetsUnderstanding vulnerabilitiesPerforming a basic risk assessmentDefining and calculating impactDefining and calculating likelihoodCalculating riskRisk appetite, risk treatment, and risk acceptance Considering legal regulations, investigations, and compliance structuresCompliance structuresUnderstanding legal and regulatory requirementsResponding to and undertaking investigationsFurther compliance optimizationProven methodologies in creating a strategyCreating InfoSec policies, procedures, and playbooks Establishing and maintaining a security awareness, education, and training programManaging third-party risk Continual improvement and reportingSummary