Course Overview
Expert lectures and exercises reinforce the true value and purpose of information security risk assessments. Students gain proficiency in conducting effective risk assessments that provide a defensible analysis of residual risk and present risk treatment options. This course gives students the tools and skills to produce a quick, reliable, and thorough risk assessment for key stakeholders.
What You'll Learn
Participants will do the following:
- Identify assets that need to be protected
- Identify what risks those assets are exposed to
- Identify what controls are in place to offset those risks
- Use the most efficient tools and skills to get a quick, reliable, and thorough risk assessment for key stakeholders
Outline
TOPModule 1: Information Security Risk Assessments
Lesson 1A: What is Risk?
Lesson 1B: What is Information Security Risk Assessment?
Lesson 1C: Drivers, Laws, and Regulations
Module 2: A Practical Approach to Information Security Assessment
Lesson 2A: Risk Assessment Frameworks
Lesson 2B: OCTAVE
Lesson 2C: NIST SP 800-30
Lesson 2D: ISO 27005
Module 3: Data Collection
Lesson 3A: The Sponsor
Lesson 3B: The Project Team
Lesson 3C: Data Collection
Lesson 3D: Document Requests
Lesson 3E: IT Asset Inventory
Lesson 3F: Asset Scoping
Lesson 3G: Asset Profile Survey
Lesson 3H: Survey Support
Module 3 Exercises
Module 4: Data Analysis
Lesson 4A: Compiling Observations from Organizational Risk Documents
Lesson 4B: Preparation of Threat and Vulnerability Catalogs
Lesson 4C: Overview of the System Risk Computation
Lesson 4D: Impact Analysis Scheme
Lesson 4E: Control Analysis Scheme
Lesson 4F: Likelihood Analysis Scheme
Lesson 4G: Final Risk Score
Module 4 Exercises
Module 5: Risk Assessment
Lesson 5A: System Risk Analysis
Module 5 Exercises
Module 6: Risk Prioritization and Treatment
Lesson 6A: Organizational Risk Prioritization and Treatment
Lesson 6B: System Specific Risk Prioritization and Treatment
Lesson 6C: Issues Register
Module 6 Exercises
Module 7: Reporting
Lesson 7A: Outline
Lesson 7B: Risk Analysis Executive Summary
Lesson 7C: Methodology
Lesson 7D: Results
Lesson 7E: Risk Register
Module 7 Exercises
Module 8: Maintenance and Wrap Up
Lesson 8A: Process Summary
Lesson 8B: Key Deliverables
Lesson 8C: Post Mortem
Prerequisites
Who Should Attend
Information security and related professionals are the ideal candidates for this training course. Other professionals who may find this course useful include:
- Risk professionals
- Control professionals
- Business analysts
- Project managers
- Compliance professionals