IT Risk Management Training

Risk management is the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.

This course is built around globally accepted standards such as ISO 31000:2009 and frameworks such as ISACA’s Risk IT, NIST SP 800-30 and OCTAVE for risk management.

Objectives of the course

Upon completion of this course, participants will be able to:

  • Identify where and how to reduce IT risks, both known and not yet recognised
  • Identify areas of cost-benefit optimization and thus reduce IT expenditure
  • Understand the ISO 31000:2009 standard and its applicability to the corporate environment
  • Understand risk assessment as addressed in Basel II, ISO 20000, ISO 27001, ITIL, COSO, COBIT and BS 25999, and its relevance to IT
  • Understand the different IT risk assessment standards, models and methodologies: NIST SP 800-30, OCTAVE and ISO 27005
  • Apply risk assessment and control evaluation techniques in practice

Course Contents

  • Background:
    • Briefing on the definition of risk, and risk in the context of information technology
    • Discussion and recording: Known risk scenarios
    • IT Risk Management Initiative
    • Project Planning Requirements
  • Groundwork:
    • General Risk Scenarios
      • Understanding business-specific, industry-specific and region/location-specific scenarios
      • Recording the scenarios
  • Management Buy-in
    • Degree of business dependence on information technology
    • Understanding and recording technology-specific risks
    • Tying in general risk scenarios with IT risks
    • Techniques of building business case
    • Budgeting
  • Project Planning
  • Resource Identification and Allocation
  • Understanding the Concepts and Techniques
    • IT Risk Management Cycle
    • Technology and business drivers
    • Risk Terms – Asset, Threat, Threat Agent, Threat Event, Vulnerability, Countermeasure, Risk, Residual Risk
    • Risk Assessment Methodology
    • ISO 31000:2009 Overview
  • IT Risk Assessment:
    • IT Process Selection
    • IT Component Selection
    • Approach Selection
    • Risk Discussion:
      • Risks from IT Strategy adopted
      • Risks from IT Processes and Plans
      • Risks from Networks and Systems
      • Risks from Business Applications
      • Risks from Internal Applications
      • Risks from Devices – Security Implementation, Disaster Recovery, Business Continuity
      • Risks from Internal and External Customers
    • Applying ISO 31000 and Risk IT for Risk Assessment
    • Challenges and Solutions
    • Case Study I
  • IT Risk Mitigation:
    • IT Risk Mitigation Options
    • IT Risk Mitigation Strategy
    • Control Identification and Analysis
    • Cost Benefit Analysis
    • Calculating Residual Risk
    • Case Study II
    • Applying ISO 31000 and Risk IT for Risk Mitigation
  • Evaluating the IT Risk Management Cycle:
    • Project Evaluation
    • Learning from Selection and Execution techniques
  • Integrating IT Risk Management with various frameworks and standards – Basel II, ISO 20000, ITIL, COSO, COBIT, ISO 27001, BS 25999
  • IT Risk Management Cycle: A Revision
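As an added illustration of the terms in the outline above (asset, threat, vulnerability, countermeasure, risk, residual risk) and of the mitigation steps (control identification, cost-benefit analysis, calculating residual risk), the following Python model is not course material and not code from any of the standards named; it assumes the common quantitative ALE model (annualised loss expectancy = single loss expectancy × annualised rate of occurrence), and every cost and effectiveness figure in it is constructed for the example. Real assessments under ISO 27005 or NIST SP 800-30 are often qualitative and would replace these numbers with rating scales, but the reasoning is the same.

```python
"""Quantitative IT risk: inherent ALE, control cost-benefit and residual risk.

Added illustration, not course material. Uses the ALE model (ALE = SLE x ARO)
with constructed figures; control effectiveness numbers are assumptions.
"""
from dataclasses import dataclass
from math import prod


@dataclass(frozen=True)
class Risk:
    """A risk scenario: an asset exposed to a threat through a vulnerability."""
    asset: str
    threat: str
    vulnerability: str
    sle: float   # single loss expectancy: cost of one occurrence (currency units)
    aro: float   # annualised rate of occurrence (events per year)

    def ale(self) -> float:
        """Annualised loss expectancy: the inherent (pre-control) risk."""
        return self.sle * self.aro


@dataclass(frozen=True)
class Control:
    """A countermeasure and its assumed effect on likelihood and impact."""
    name: str
    annual_cost: float
    likelihood_reduction: float  # fraction of ARO removed, 0..1 (assumed)
    impact_reduction: float      # fraction of SLE removed, 0..1 (assumed)


def residual_ale(risk: Risk, controls) -> float:
    """Residual risk after applying controls. Reductions compound, so two
    controls that each halve likelihood leave a quarter of it, not zero."""
    aro = risk.aro * prod(1 - c.likelihood_reduction for c in controls)
    sle = risk.sle * prod(1 - c.impact_reduction for c in controls)
    return sle * aro


def net_benefit(risk: Risk, controls) -> float:
    """Cost-benefit: annual risk reduction minus annual cost of the controls."""
    reduction = risk.ale() - residual_ale(risk, controls)
    return reduction - sum(c.annual_cost for c in controls)


def rank_controls(risk: Risk, controls):
    """Cost-benefit of each control on its own, best first."""
    return sorted(controls, key=lambda c: net_benefit(risk, [c]), reverse=True)


def select_controls(risk: Risk, controls, budget: float):
    """Greedy selection: keep adding the control with the largest positive
    marginal net benefit that still fits the budget. Marginal benefit is
    measured against the controls already chosen, so overlapping controls
    are not double-counted and a control that looks good alone can be
    rejected once another has already removed most of the risk."""
    chosen = []
    remaining = list(controls)
    while remaining:
        spent = sum(c.annual_cost for c in chosen)
        best, best_gain = None, 0.0
        for c in remaining:
            if spent + c.annual_cost > budget:
                continue
            gain = net_benefit(risk, chosen + [c]) - net_benefit(risk, chosen)
            if gain > best_gain:
                best, best_gain = c, gain
        if best is None:
            break
        chosen.append(best)
        remaining.remove(best)
    return chosen


# Constructed scenario; all figures are illustrative, not real data.
RANSOMWARE = Risk(asset="customer database", threat="ransomware",
                  vulnerability="phishing-delivered malware on admin workstations",
                  sle=200_000, aro=0.5)

CANDIDATE_CONTROLS = [
    Control("offline backups", 15_000, likelihood_reduction=0.0, impact_reduction=0.6),
    Control("endpoint detection and response", 30_000, 0.5, 0.1),
    Control("user awareness training", 5_000, 0.2, 0.0),
    Control("network DLP appliance", 90_000, 0.1, 0.1),
]

if __name__ == "__main__":
    print(f"inherent ALE: {RANSOMWARE.ale():,.0f}")
    for c in rank_controls(RANSOMWARE, CANDIDATE_CONTROLS):
        print(f"  {c.name:34s} net benefit {net_benefit(RANSOMWARE, [c]):>10,.0f}")
    chosen = select_controls(RANSOMWARE, CANDIDATE_CONTROLS, budget=60_000)
    print("selected:", [c.name for c in chosen])
    print(f"residual ALE: {residual_ale(RANSOMWARE, chosen):,.0f}")
```

Run stand-alone, the script shows the point the cost-benefit step is meant to teach: the expensive DLP appliance has a negative net benefit and is never chosen, and endpoint detection, which is worthwhile on its own, is rejected once offline backups have already cut the impact, because its marginal risk reduction no longer covers its cost. The residual risk of the chosen set is what gets carried forward to the evaluation step and compared against the organisation's risk appetite.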

Ethical Hacking Training

This course goes deep into networking, systems, web applications and hands-on exploitation, and helps beginners take a confident first step into the information security field.

  • 6 weeks of comprehensive training
  • Built by experienced professionals
  • Course content regularly updated with current tools and techniques