9 - 13 Feb 2025
Istanbul (Turkey)
Hotel : DoubleTree by Hilton Istanbul Esentepe
Cost : 5775 € Euro
This course is built around globally accepted standards such as ISO 31000:2009 and frameworks such as ISACA’s Risk IT, and NIST and OCTAVE guidelines for risk management.
Upon completion of this course, participants will be able to:
Identify where and how to reduce known/unknown IT risks
Identify areas of cost-benefit optimization and thus reduce IT expenditure
Understand the ISO 31000:2009 standard and its applicability to the corporate environment
Understand risk assessment as addressed in BASEL II, ISO 20000, ISO 27001, ITIL, COSO, COBIT, BS 25999 and its relevance to IT
Understand the different IT Risk Assessment Standards, Models and Methodologies – NIST’s SP-800-30, and OCTAVE™, ISO 27005
Insights on the practical use of risk assessment and control evaluation techniques
Background
Briefing on the Definition of Risk and Risk in the context of Information Technology
Discussion and recording: Known risk scenarios
IT Risk Management Initiative
Project Planning Requirements
Groundwork:
General Risk Scenarios
Understanding Business-specific, industry-specific, region/location-specific scenarios
Recording the scenarios
Day 2:
Management Buy-in
Degree of business dependence on information technology
Understanding and recording technology-specific risks
Tying in general risk scenarios with IT risks
Techniques of building a business case
Budgeting
Project Planning
Resource Identification and Allocation
Day 3:
Understanding the Concepts and Techniques
IT Risk Management Cycle
Technology and business drivers
Risk Terms – Asset, Threat, Threat Agent, Threat Event, Vulnerability, Countermeasure, Risk, Residual Risk
Risk Assessment Methodology
ISO 31000:2009 Overview
IT Risk Assessment:
IT Process Selection
IT Component Selection
Approach Selection
Risk Discussion :
Risks from IT Strategy adopted
Risks from IT Processes and Plans
Risks from Networks and Systems
Risks from Business Applications
Risks from Internal Application
Risks from Devices – Security Implementation, Disaster Recovery, Business Continuity
Risks from Internal and External customers
Applying ISO 31000 and Risk IT for Risk Assessment
Challenges and Solutions
Case Study I
Day 4:
IT Risk Mitigation:
IT Risk Mitigation Options
IT Risk Mitigation Strategy
Controls’ Identification and Analysis
Cost Benefit Analysis
Calculating Residual Risk
Case Study II
Applying ISO 31000 and Risk IT for Risk Mitigation
Day 5:
Evaluation IT Risk Management Cycle:
Project Evaluation
Learning from Selection and Execution techniques
Integrating IT Risk Management with various frameworks and standards – BASEL II, ISO 20000, ITIL, COSO, COBIT, ISO 27001, BS 25999
IT Risk Management Cycle: A Revision