As we’ve learned, Information Security is ultimately about protecting the assets most crucial to your business by preserving the Confidentiality, Integrity, and Availability of your information. In this 3-day course, IT professionals and security officers learn to assess and manage risk in their organization and plan for the unexpected.
Module 1: Mapping risk management and continuity planning to your business
• Describe risk management
• Discuss the relationship between security, business continuity management and risk management
• Define risk terms
• Describe the risk equation
• Define the key words relating to BCP/DRP
• Position resiliency in your management strategy
• Describe the types of response strategies
• Describe the role of governance in managing risk and compliance
Module 2: Making the case for risk management and business continuity planning
• Discuss the importance of risk management and the need for BCP/DRP in any environment
• List business considerations and drivers for risk management and business continuity planning
• Determine which drivers apply to your environment
Module 3: Managing risk as a process
• Describe the purpose of frameworks, reference models, standards
• List possible risk management models or frameworks as your guide
• Compare BCP/DRP frameworks for your environment
• Describe the lifecycle of risk management
• Distinguish between risk assessment, risk analysis, and business impact analysis
• Promote the ongoing need for training and plan updates
• Define the activities involved in managing risk
• List responsibilities and potential members for a risk management team
• Define the activities involved in developing and maintaining a BCP/DRP
• List responsibilities and potential members for a BCP team
• Describe elements of a proposal for board approval
• Identify stakeholders and their concerns
Module 4: Analyzing business impact: where to focus
• List detailed steps to conduct a business impact analysis project
• Describe steps to conduct interviews to gather data
• Describe how to increase success with BIA interviewing
• Define analytical terms for business impact and recovery requirements
• Explain the process to calculate and document recovery requirements for your critical business functions
Module 5: Assessing risk: what threats and vulnerabilities exist
• List the requirements of a risk assessment team
• Describe how to select assessment targets based on BIA
• Outline the steps in a risk assessment project
• Define the scope of an assessment
• Identify what goes into a plan for examination activities (interviews and vulnerability scanning)
• Compare data gathering methods
• Compare risk assessment methods and tools
• List expectations for documenting assessment results
• List steps to mitigate risks of being a risk assessor
Module 6: Analyzing risks: how much it's worth
• Compare quantitative and qualitative risk analysis
• Describe methods to calculate quantitative risk
• Define probability classes
Module 7: Documenting risk treatment plans: how to protect assets
• Define risk management strategies
• Describe how to select risk treatment plans (physical, technical, social) appropriate to analysis results
• Describe the importance of documenting a policy to review risk management needs
Module 8: Planning for resiliency: how to continue your business
• List the sections of a Business Continuity Plan document
• Describe the BCP’s underlying plans
• List other BC-related plans and their contents
• Position the Disaster Recovery Plan with respect to the BCP
• List key elements for a Disaster Recovery plan
• Compare Disaster Recovery strategies for your company
• Compare levels of redundancy and retention
• Identify roles and responsibilities for recovery teams
• Optimize distribution and utility of documents
Module 9: Implement risk treatment plan
• Integrate the project requirements across risk, BCP, and DRP plans
• Follow project management best practices to implement plans for risk treatment across the organization
• Describe the steps to take during a security incident
• List the elements of a security incident report
• Identify what constitutes an incident
• Describe the process to collect evidence related to an incident
Module 10: Failing back
• Discuss what happens when you’re ready to go back
• Evaluate the opportunity to upgrade business effectiveness and/or resiliency
• Describe the steps
Module 11: Auditing risk management implementation and testing BCP procedures
• Differentiate between an audit and an assessment
• Define the characteristics of an audit
• Describe when an audit may be applicable
• Predict evidence requested during an audit process
• Compare risk management audit, compliance audit, and BCP testing
• Describe the levels of testing for BCP/DRP plans
Module 12: Summary and case study
• Test your knowledge
• Given sufficient detail, design an appropriate risk strategy
Module 13: Business continuity planning—Next steps
• Ask the right questions to determine where your company currently stands
• Champion the need for Business Continuity Planning with your management
• Determine how much help you need and get it
We hold our classroom training sessions at our Cyprus offices. Training tailored to your organization can be arranged on the date and at the location of your choice.