Risk Courses 

 

Effective business risk management has become an essential component of IT governance. Lead the drive and help your enterprise mitigate risk.


A Risk-Based and Business-Aligned Approach to Protecting Information Infrastructure and Assets

This course is designed to empower the information risk management leader, or those pursuing a leadership role, with knowledge and insights to be more effective in their roles. This course focuses on concepts and capabilities to help these individuals embrace information risk management and enhance their skills in information security. This course is ideally suited for individuals who currently hold or are pursuing the CGEIT or CISM certification.

Learning objectives:

  • Develop information and risk management and security strategies and programs
  • Understand cultural considerations and development of a risk-conscious and security-aware culture
  • Understand threat and vulnerability management
  • Identify key issues when using mobile solutions within your environment
  • Explore the metrics and measures for risk management and security programs and capabilities

Target audience: IT Risk, Assurance and Security professionals
Duration: 2 days
CPE: up to 14
Cost: $1,150 members / $1,250 nonmembers
Date and Location: 2013 dates and locations coming soon!

Instructional Development Method: Group-Live
Prerequisite: None
Program Level: Intermediate
Advanced Preparation: None


A Pragmatic Approach to Developing an Information Risk Management Strategy

This course is designed to assist the practitioner in understanding concepts and techniques that can be leveraged in any size organization to ensure they are meeting their information risk management goals and expectations. This course is ideally suited for individuals who currently hold or are pursuing the CISA or CRISC certifications.

Learning objectives:

  • Develop an information security and risk management strategy
  • Explore the structure and associated functions of an information security program
  • Understand threat and vulnerability analysis concepts and methodologies
  • Explore business resiliency concepts including command and control, incident response, business continuity and disaster recovery
  • Considerations for the use of cloud and social networking

Target audience: IT Risk, Assurance and Security professionals
Duration: 2 days
CPE: up to 14
Cost: $1,150 members / $1,250 nonmembers
Date and Location: 2013 dates and locations coming soon!

Instructional Development Method: Group-Live
Prerequisite: None
Program Level: Intermediate
Advanced Preparation: None


Information Risk and Business Continuity/Disaster Recovery Planning

This course examines the criteria, steps and actions necessary to implement and sustain an information risk management program, plans for business continuity and disaster recovery, and critical function disruptions and the capability to recover operations.

Session participants review and discuss information threats, vulnerabilities and exposures, along with determining risk to information security assets, their controls and countermeasures. Examine key components of disaster recovery, business continuity and incident management planning, and learn how to measure the effectiveness of your organization's business recovery, continuity and planning program. Facilitated discussion and case studies address what questions should be asked to determine your organization's overall preparedness to endure a disaster "event".

Learning Objectives:

  • Define, implement and document an information asset and data classification schema
  • Identify threats, vulnerabilities and exposures to organizational data assets
  • Explain and utilize risk assessment and analysis methodologies
  • Select specific methods to determine sensitivity and criticality of information resources
  • Assess and develop risk mitigation strategies for critical organizational information resources
  • Utilize gap and cost-benefit analyses to analyze and mitigate risk to a management-acceptable level
  • Define the requirements necessary to declare an incident (plan activation)
  • Conduct an assessment of an "incident event" and what actions are required for recovery
  • Appreciate the extent to which the recovery depends on pre-planned resources and pre-defined actions
  • Develop continuity plans that help to minimize potential economic loss to the enterprise
  • Identify policies and procedures designed to reduce disruptions to operations
  • Implement proactive plans to ensure organizational stability
  • Develop policies and procedures that provide for an orderly recovery, and minimize insurance premiums
  • Create continuity plans that ensure the safety of personnel and customers, minimizing the organization's legal liability

Target audience: IT professionals
Duration: 2 days
CPE: 14
Cost: $1,150 members / $1,250 nonmembers
Date and Location: 2013 dates and locations coming soon!

Instructional Development Method: Group-Live
Prerequisite: None
Program Level: Intermediate
Advanced Preparation: None


IT Risk Management

Effective management of IT-related business risk has become an essential part of IT governance. A comprehensive understanding of how information technology affects business objectives is essential in today’s business environment. Leading the drive to help enterprises mitigate risks, ISACA has developed a fundamental IT Risk Management training course that is applicable to all IT and business professionals.

The IT Risk Management training course provides an in-depth view of IT-related business risk management and the methodology that includes risk identification, evaluation and response. The course describes the principles of IT risk management, the responsibilities and accountability for IT risk, how to build risk awareness, and how to communicate risk scenarios, business impact and key risk indicators. Included in the course is the opportunity to create a business-focused, process-oriented and measurement-driven risk response plan.

Learning objectives:

  • Describe the principles and methodology of IT risk management
  • Recognize how a strong framework can help achieve best practices in IT risk management (common language, good structure, sense of completeness, etc.)
  • Discuss aspects of risk culture and how they affect risk management
  • Define and describe the overall environment (risk universe) that will be subject to IT risk management
  • Apply the concepts of IT risk management methodologies to realize business benefits and outcomes
  • Discuss risk appetite and risk tolerance concepts and how they are important for IT risk management
  • Discuss the concept of risk profile and how it can be used
  • Identify operational and implementation issues
  • Differentiate between loss, threat and vulnerability events
  • Determine what data to collect and where to collect it to monitor and respond to risk
  • Discuss several methods to describe impact and magnitude of IT events in business-related terms
  • Understand key risk indicators and key performance indicators
  • Enable an informed risk response
  • Describe risk responses suitable for different risk scenarios
  • Develop risk response plans for your enterprise

Target audience:

  • Business managers
  • Risk managers
  • Information security managers
  • IT managers

Duration: 4 days
CPE: up to 32
Cost: $2,295 members / $2,495 nonmembers
Date and Location:

Instructional Development Method: Group-Live
Prerequisite: None
Program Level: Intermediate
Advanced Preparation: None