Zero-Trust Approach to Risk assessment: Field Guide
RCCE students will learn comprehensive risk assessment methodologies including threat identification, vulnerability assessment, impact analysis, likelihood estimation, risk scoring, and risk treatment planning. RCCE students will learn to facilitate risk assessment workshops, apply qualitative and quantitative assessment methods, use frameworks such as NIST SP 800-30, ISO 27005, FAIR, and OCTAVE, document risk assessment findings, calculate risk scores and prioritize treatments, present risk assessment results to executive leadership, and maintain living risk registers that evolve with the threat landscape and organizational changes. This zero-trust course applies modern security principles including least privilege, continuous verification, and explicit trust evaluation. At an expert level, RCCE students will learn to implement zero-trust architectures that assume breach and verify every access request regardless of network location. Students build practical zero-trust implementations that align with organizational security modernization goals.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Zero-Trust Approach to Risk assessment: Field Guide
- Apply zero-trust principles to privilege decisions and elevation
- Execute hands-on tasks for risk assessment
- Execute hands-on tasks for course objectives & learning outcomes
- Execute hands-on tasks for risk assessment mastery — covering Apply qualitative & quantitative methods.
- Apply zero-trust principles to privilege decisions and elevation, including least privilege architectures.
- Execute hands-on tasks for operational excellence — covering Facilitate risk assessment workshops.
- Execute hands-on tasks for threat-informed defense — covering threat landscapes to risk posture.
- Execute hands-on tasks for risk assessment impact — covering Assume breach at all times.
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for policy engine — covering Evaluates access requests.
- Execute hands-on tasks for policy administrator — covering Enforces engine decisions.
| Module 01 | Zero-Trust Approach to |
| Module 02 | Risk Assessment |
| Module 03 | Course Objectives & Learning Outcomes |
| Module 04 | Risk Assessment Mastery |
| Module 05 | Zero-Trust Integration |
| Module 06 | Operational Excellence |
| Module 07 | Threat-Informed Defense |
| Module 08 | Zero-Trust Fundamentals |
| Module 09 | Risk Assessment Impact |
| Module 10 | Zero-Trust Architecture Components |
| Module 11 | Policy Engine |
| Module 12 | Policy Administrator |
| Module 13 | Policy Enforcement Point |
| Module 14 | Data Plane Controls |
All hands-on labs run on Rocheston Rose X OS. Students practice zero-trust approach to risk assessment: field guide by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Apply zero-trust principles to privilege decisions and elevation
- Lab 2: Execute hands-on tasks for risk assessment
- Lab 3: Execute hands-on tasks for course objectives & learning outcomes
- Lab 4: Execute hands-on tasks for risk assessment mastery
- Lab 5: Apply zero-trust principles to privilege decisions and elevation
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Zero-Trust Approach to Risk assessment: Field Guide, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI