IT Risk Management

IT Audit

Overview

This course covers risk management, the primary process organizations use to determine their capability to identify, manage, and respond to risk and to verify their ability to maintain the confidentiality, integrity, and availability of their information assets. Participants review common risk assessment and analysis requirements for meeting both regulatory and industry expectations, and ways to demonstrate that technology risks and their potential outcomes are embedded in the organization's risk management process.

Why you should take this course

For users who are new to internal auditing, or would like to learn more about it.

Here are the topics we'll cover.

  1. Introduction to Risk Management

    • Compliance vs. Security
    • Vulnerability, Threat and Risk
    • Risk Appetite and Tolerance
  2. IT Risk Identification and Risk Universe

    • Cybersecurity Incidents and Breaches
    • Time to Discovery
    • Growth of Cybercrime
    • Cybersecurity Considerations
    • Privacy
  3. Risk Scenario Development

    • Financial Risks and Breaches
    • Cost Breakdown
    • Incident Response
    • Cause of Loss and Insurance
  4. Risk Analysis

    • Enterprise and IT Risk
    • Cybersecurity Risk Components
    • Risk Management Program Components
  5. Risk Evaluation

    • Legal and Regulatory Implications
    • Organizational Liabilities
    • US Federal and State Laws, and Regulations
    • International Laws and Issues
  6. Business Impact Analysis

    • Risk Governance, Awareness and Communication
    • Risk Policies and Risk Management
    • Process Maturity
  7. Risk Response

    • Frameworks and Controls
    • NIST, HIPAA, ISO, COBIT, PCI, OWASP
    • Control Baseline
    • Actions
  8. Cost Benefit Analysis and Business Case

    • Risk Assessment Types and Varieties
    • Quantitative and FAIR Risk and Cost Analysis
    • Qualitative, OCTAVE, and NIST Assessments
  9. Control Development

    • Gartner Hype Cycle
    • Strategic Implications
    • Scoping, Assumptions and Constraints
    • Controls Selection
  10. Risk Monitoring and Reporting

    • Information Requests and Data Collection
    • Vulnerabilities and Penetration Testing
    • Sharing Results
    • Risk Registers
    • Process Maturity
    • Keys to Risk Monitoring
    • Cloud Risks and Third-Party Risk Management

Learning Style

Instructor Led

Level

Entry Level

Who this course is for

Information Security, IT Audit, and Audit professionals looking to gain greater knowledge on performing an IT risk assessment and developing a strong IT risk management program.

NASBA Certified CPE

24 credits

Field of Study

Auditing

Length of course

24h

Prerequisites

None

Advanced Preparation

None

Here are the learning objectives we'll cover

  • List fundamental concepts of IT Risk Management
  • Describe cybersecurity and privacy frameworks
  • Understand the key components to prepare an IT risk assessment
  • Understand the key components to prepare privacy impact assessments

Attendance policy for on-site and online instructor-led training

Students are expected to arrive on time for classes with the proper materials and attitude. An overall attendance rate of 100% is expected to fully absorb the materials and to complete labs. If you have an expected absence, please email support@acilearning.com or your instructor ahead of time. The number of CPEs awarded will be equivalent to the number of hours attended.

ACI Learning is registered with NASBA

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: https://www.nasbaregistry.org/