Training Course: IT Risk Management

IT234824 | 16 - 20 Mar 2025 | Cost: 2275 Euro

Introduction

Risk management is the identification, assessment, and prioritization of risks followed by the coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.

This course is built around globally accepted standards such as ISO 31000:2009, frameworks such as ISACA’s Risk IT, and the NIST and OCTAVE guidelines for risk management.

Objectives

Upon completion of this course, participants will be able to:

  • Identify where and how to reduce known/unknown IT risks

  • Identify areas of cost-benefit optimization and thus reduce IT expenditure

  • Understand the ISO 31000:2009 standard and its applicability to the corporate environment

  • Understand risk assessment as addressed in BASEL II, ISO 20000, ISO 27001, ITIL, COSO, COBIT, BS 25999 and its relevance to IT

  • Understand the different IT risk assessment standards, models and methodologies – NIST SP 800-30, OCTAVE™ and ISO 27005

  • Gain insights into the practical use of risk assessment and control evaluation techniques

Course outline

Day 1:

  • Background

  • Briefing on the Definition of Risk and Risk in the context of Information Technology

  • Discussion and recording: Known risk scenarios

  • IT Risk Management Initiative

  • Project Planning Requirements

  • Groundwork:

      • General Risk Scenarios

      • Understanding business-specific, industry-specific and region/location-specific scenarios

      • Recording the scenarios

Day 2:

  • Management Buy-in

  • Degree of business dependence on information technology

  • Understanding and recording technology-specific risks

  • Tying in general risk scenarios with IT risks

  • Techniques of building a business case

  • Budgeting

  • Project Planning

  • Resource Identification and Allocation

Day 3:

Understanding the Concepts and Techniques:

  • IT Risk Management Cycle

  • Technology and business drivers

  • Risk Terms – Asset, Threat, Threat Agent, Threat Event, Vulnerability, Countermeasure, Risk, Residual Risk

  • Risk Assessment Methodology

  • ISO 31000:2009 Overview

IT Risk Assessment:

  • IT Process Selection

  • IT Component Selection

  • Approach Selection

  • Risk Discussion:

      • Risks from IT Strategy adopted

      • Risks from IT Processes and Plans

      • Risks from Networks and Systems

      • Risks from Business Applications

      • Risks from Internal Applications

      • Risks from Devices – Security Implementation, Disaster Recovery, Business Continuity

      • Risks from Internal and External customers

  • Applying ISO 31000 and Risk IT for Risk Assessment

  • Challenges and Solutions

  • Case Study I

Day 4:

IT Risk Mitigation:

  • IT Risk Mitigation Options

  • IT Risk Mitigation Strategy

  • Controls’ Identification and Analysis

  • Cost Benefit Analysis

  • Calculating Residual Risk

  • Case Study II

  • Applying ISO 31000 and Risk IT for Risk Mitigation

Day 5:

Evaluation of the IT Risk Management Cycle:

  • Project Evaluation

  • Learning from Selection and Execution techniques

  • Integrating IT Risk Management with various frameworks and standards – BASEL II, ISO 20000, ITIL, COSO, COBIT, ISO 27001, BS 25999

  • IT Risk Management Cycle: A Revision

Copyright Global Horizon Training Center © 2019