CPE Credits: 7
Description:
In today’s global economy, every organization has a mission. In this digital era, as organizations critically depend upon information technology (IT) systems to process their information for better support of their missions, risk management plays a critical role in protecting an organization’s information assets, and therefore its mission, from IT-related risk.
An effective risk management process is an important component of a successful IT security program. The principal goal of an organization's risk management process should be to protect the organization and its ability to perform its mission, not just its IT assets. Therefore, the risk management process should not be treated primarily as a technical function carried out by the IT experts who operate and manage the IT system, but as an essential management function of the organization.
Risk is the net negative impact of the exercise of a vulnerability, considering both the probability and the impact of occurrence. Risk management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level.
This course provides an overview of the specific criteria, steps and actions necessary to implement and sustain a comprehensive Information Risk Management program.
Audience:
This presentation is intended for:
· Internal and external auditors (IT, financial, operational)
· Executive and senior management
· Management consultants
· Big 4 Senior Managers/Partners
· General Counsels and attorneys
· C-suite members (CFO, CTO, CRO, CEO, COO, CIO, CSO, CXO, CECO, CPO, et al.)
· Controllers
· Risk Compliance Officers
· Directors of Human Resources
· Professionals involved in organizational or IT GRC strategic initiatives
Prerequisites: There are no specific prerequisites for this course.
Objectives:
After completing this seminar, the participant will be able to:
1. Define and implement an information asset and data classification schema
2. Document the relevant components of information ownership schema
3. Identify threats, vulnerabilities and exposures to organizational data assets
4. Explain and utilize risk assessment and analysis methodologies
5. Select specific methods to determine sensitivity and criticality of information resources
6. Assess information security controls and countermeasures and their effectiveness
7. Develop risk mitigation strategies for critical organizational information resources
8. Utilize gap and cost-benefit analyses as means to analyze and mitigate risk to a management-acceptable level
Course Outline:
1. Establishing an information asset and data classification schema
2. Identification of the relevant components of information ownership schema
3. Information threats, vulnerabilities and exposures
4. Information resource valuation methodologies
5. Risk assessment and analysis methodologies
6. Determining risk reporting frequency and requirements
7. Methods used to determine sensitivity and criticality of information resources (quantitative and qualitative)
8. Baseline modeling and risk-based assessments of control requirements
9. Information security controls and countermeasures and their effectiveness
10. Risk mitigation strategies for information resources
11. Gap analysis (end state vs. current state) and the relationship to ISM
12. Cost-benefit analysis - mitigating risks to acceptable levels
13. Risk management principles and practices