WHY IS THIS IT RISK ASSESSMENT WORKSHOP IMPORTANT?
Are you effectively securing your organization’s IT systems that store, process, or transmit organizational information?
Is your IT risk management plan tailored to the specific risk profile of your business and being coordinated across all functional and business units?
With the release of IT Governance frameworks, requirements for risk management and new international standards entering the market, the pressure is mounting to ensure that all your IT risks are identified and the necessary action is taken – be this to mitigate them, accept or ignore them. So, how safe is your IT system? What are the risks that your organization is being exposed to?
The solution to this challenge is to establish an effective risk management process that protects the organization, not just its IT assets, and provides it with the ability to perform its mission.
Risk management is the process of identifying and assessing risk and taking preventive measures to reduce it to an acceptable level. It is critical that you develop an effective risk management program that assesses and mitigates risks within your IT systems and better manages these IT-related mission risks.
BENEFITS OF ATTENDING THIS WORKSHOP
- Identify common IT project risks
- Learn how to assess threats and vulnerabilities to create a risk response strategy
- Understand what qualifies as risk with IT projects
- Understand the most common IT risk sources
- Qualify and quantify IT risks
- Learn the difference between negative and positive IT risks
- Develop an IT risk management plan
- Plan risk response methods for IT risks
- Create risk mitigation and contingency plans
- Monitor and control project risks
- Overcome resistance from stakeholders and team members
WHO SHOULD ATTEND THIS WORKSHOP
- IT risk managers
- IT security managers
- Compliance officers
- Program and project managers
- IT project managers
- IT operation managers
Contact Kris at kris@360bsi.com to register.
WHY THIS EVENT
The aim of this interactive workshop is to provide you with the skills critical to IT Risk Management.
After attending this workshop, you will leave fully armed with the knowledge needed to effectively secure your organization’s IT systems & infrastructure. You will be able to establish an effective risk management program to assess and mitigate risk, and protect your IT assets.
The combination of interactive presentations, hands-on exercises and open discussion groups, along with real case studies, ensures you will obtain maximum value from attending.
COURSE CONTENT
DAY1 IT RISK MANAGEMENT LEADERSHIP WORKSHOP
IT Risk Management Leadership Workshop is a special one-day course designed to teach information security professionals how to become an effective information security manager. In addition, you will learn tips and techniques that will increase your competence and confidence when influencing information security in your organization.
Implementing IT Risk Management in an organization is a major effort. This requires coordination with all departments. It requires interfacing with individuals at all levels from technicians and programmers to managers, directors, and C-level executives.
In this workshop you will learn how to perform a stakeholder analysis, outline the stakeholders required to accomplish your job, and how to effectively navigate the possible roadblocks preventing you from accomplishing your tasks. In addition, you will learn tips and techniques that will increase your competence and confidence when influencing and implementing information technology in your organization.
Managing the IT Risk Management Process
- Creating an IT Risk Management framework
- Determining your critical success factors (CSF)
- Determining your key performance indicators (KPI)
- Challenges in managing the process
Understanding your Corporate Culture
- Understanding your organization’s trends, strategy and environment
- Tips, tricks, and trouble spots
- Developing a business continuity management culture
- Exercising, maintenance, and audit
Understanding your Stakeholders
- How to identify your key stakeholders
- Performing a stakeholder analysis
- Creating a stakeholder engagement communication plan
- Getting stakeholder engagement and support
DAY2 UNDERSTANDING THE NEED FOR IT RISK MANAGEMENT
In this section we will discuss why it is important to consider information technology risks and the impact if an assessment is not performed.
- Use of IT risk management in an organization
- The importance of IT risk management
- IT risk management and ownership
- What is risk assessment?
Establishing the context of risk in your business
- Why your organization needs IT risk management
- Consequences of inadequate or no IT risk management activities
- The benefits of implementing IT risk management
WHO SHOULD ATTEND
- Vice Presidents, Directors, General Managers
- Chief Information Officers
- Chief Information Security Officers
- Chief Technology Officers
- IT Risk Managers
- IT Security Managers
- Compliance Officers
- Program and Project Managers
- IT Project Managers
- IT Operation Managers
LATEST TESTIMONIALS
1 “Session well organized. The trainer is very conversant with the subject matter. Well delivered and would definitely recommend to anyone else.” - Habil Mutende, Manager Information Security & Change Management, Central Bank of Kenya
2 “Excellent presentation, excellent attitude to answer our questions & to share his experience.” - Senior Manager, IT Department, Deloitte
3 “I have used Mark in key roles with high visibility clients. Without hesitation I would highly recommend Mark for any and all IT audit engagements. His professionalism, deep knowledge, and results oriented work style are deeply valued by not only myself, but more importantly by all those who are lucky enough to use his services.” - Russ Aebig, Director at Artesient
4 “We have used Mark Edmead on several projects in the past few years including SOX readiness for publicly traded companies and IT vulnerability assessments for major financial institutions. He always delivers professional and detail-oriented workpapers on-time and within budget. Mark is highly recommended and we will continue to use him on other projects.” - Brenda Piazza, Director at CBIZ MHM
DAY3 UNDERSTANDING IT SECURITY FRAMEWORKS AND STANDARDS
An understanding of the various information technology frameworks and standards, and the basics of information security, is necessary to better understand how to assess the risks associated with the security implementation.
- ISO 27001
- COBIT IT Governance Framework
- NIST SP-800
Information security fundamentals
- Confidentiality, integrity, and availability
- Accountability, non-repudiation, identification
- Understanding information assurance
Developing an IT risk management strategy
- How to perform a high-level risk assessment
- Understanding your business risk appetite
- Establishing your criteria for risk acceptance
- Complying with industry, legal, and/or regulatory requirements
DAY4 UNDERSTANDING THE IMPACT OF IT RISK TO YOUR ORGANIZATION
The risk “appetite” of an organization will vary depending on several variables. It is critical to understand what it is that you are protecting and the impact of a threat in the event it becomes real.
- How to identify tangible and intangible assets
- Determining the value of these assets
- Comparing asset value versus control mitigation costs
- Conducting a business impact analysis
Applying risk management controls
- Finding the right control to manage risk
- Using best practice frameworks
- How to manage residual risk
Implementing an IT risk monitoring process
- Performing periodic reviews
- How to report IT risk status
- Creating a risk reporting plan
The IT Risk Management Document
- Outline of the IT Risk Management document
- Keeping your document up-to-date
- Getting stakeholder support and acceptance
COURSE SCHEDULE
8.00 Registration & Coffee/Tea
8.30 Workshop commences
10.10 - 10.30 Morning coffee/tea
12.00 - 13.00 Lunch
14.40 - 15.00 Afternoon coffee/tea
16.00 End of day