IT Risk Management
Overview
This course covers risk management, the primary process organizations use to determine their capability to identify, manage, and respond to risk and to verify their ability to maintain the confidentiality, integrity, and availability of their information assets. Participants review common risk assessments and analysis requirements for meeting both regulatory and industry expectations, along with ways to demonstrate that technology risks and their potential outcomes are embedded in their risk management process.
Why you should take this course
For users who are new to internal auditing, or would like to learn more about it.
Here are the topics we'll cover.
- Introduction to Risk Management
  - Compliance vs. Security
  - Vulnerability, Threat and Risk
  - Risk Appetite and Tolerance
- IT Risk Identification and Risk Universe
  - Cybersecurity Incidents and Breaches
  - Time to Discovery
  - Growth of Cybercrime
  - Cybersecurity Considerations
  - Privacy
- Risk Scenario Development
  - Financial Risks and Breaches
  - Cost Breakdown
  - Incident Response
  - Cause of Loss and Insurance
- Risk Analysis
  - Enterprise and IT Risk
  - Cybersecurity Risk Components
  - Risk Management Program Components
- Risk Evaluation
  - Legal and Regulatory Implications
  - Organizational Liabilities
  - US Federal and State Laws, and Regulations
  - International Laws and Issues
- Business Impact Analysis
  - Risk Governance, Awareness and Communication
  - Risk Policies and Risk Management
  - Process Maturity
- Risk Response
  - Frameworks and Controls
  - NIST, HIPAA, ISO, COBIT, PCI, OWASP
  - Control Baseline
  - Actions
- Cost Benefit Analysis and Business Case
  - Risk Assessment Types and Varieties
  - Quantitative and FAIR Risk and Cost Analysis
  - Qualitative, OCTAVE, and NIST Assessments
- Control Development
  - Gartner Hype Cycle
  - Strategic Implications
  - Scoping, Assumptions and Constraints
  - Controls Selection
- Risk Monitoring and Reporting
  - Information Requests and Data Collection
  - Vulnerabilities and Penetration Testing
  - Sharing Results
  - Risk Registers
  - Process Maturity
  - Keys to Risk Monitoring
  - Cloud Risks and Third-Party Risk Management
Learning Style
Level
Who this course is for
NASBA Certified CPE
Field of Study
Length of course
Prerequisites
Advanced Preparation
Here are the learning objectives we'll cover
- List fundamental concepts of IT Risk Management
- Describe cybersecurity and privacy frameworks
- Understand the key components to prepare an IT risk assessment
- Understand the key components to prepare privacy impact assessments