Are you effectively securing your organization’s IT systems that store, process, or transmit organizational information?
Is your IT risk management plan tailored to the specific risk profile of your business and being coordinated across all functional and business units?
With the release of IT Governance frameworks, requirements for risk management and new international standards entering the market, the pressure is mounting to ensure that all your IT risks are identified and the necessary action is taken – be this to mitigate them, accept or ignore them. So, how safe is your IT system? What are the risks that your organization is being exposed to?
The solution to this challenge is to establish an effective risk management process that protects the organization, not just its IT assets, and provides it with the ability to perform its mission.
Risk management is the process of identifying and assessing risk and taking preventive measures to reduce it to an acceptable level. It is critical that you develop an effective risk management program that assesses and mitigates risks within your IT systems and better manages these IT-related mission risks.
BENEFITS OF ATTENDING THIS WORKSHOP
Identify common IT project risks
Learn how to assess threats and vulnerabilities to create a risk response strategy
Understand what qualifies as risk with IT projects
Understand the most common IT risk sources
Qualify and quantify IT risks
Learn the difference between negative and positive IT risks
Develop an IT risk management plan
Plan risk response methods for IT risks
Create risk mitigation and contingency plans
Monitor and control project risks
Overcome resistance from stakeholders and team members
WHO SHOULD ATTEND THIS WORKSHOP
IT risk managers
IT security managers
Compliance officers
Program and project managers
IT project managers
IT operation managers
Contact Kris at kris@360bsi.com to register.
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
1. INFORMATION TECHNOLOGY RISK MANAGEMENT & LEADERSHIP
30 MARCH - 02 APRIL 2014
RADISSON BLU DUBAI DEIRA CREEK, UNITED ARAB EMIRATES
IT SERIES
YOUR INTERNATIONAL COURSE FACILITATOR
Dr Mark T. Edmead, PhD, MBA, CISSP, CISA, COBIT
IT Transformational Consultant, MTE Advisors
Mark T. Edmead is a successful technology entrepreneur with over 28 years of practical experience in computer systems architecture, information security, and project management.
Mark excels in managing the tight deadlines and ever-changing tasks related to mission-critical project schedules. He has extensive knowledge in IT security, IT and application audits, Internal Audit, IT governance, including Sarbanes-Oxley, FDIC/FFIEC, and GLBA compliance auditing.
Mr. Edmead understands all aspects of information security and protection including access controls, cryptography, security management practices, network and Internet security, computer security law and investigations, and physical security.
He has trained Fortune 500 and Fortune 1000 companies in the areas of information, system, and Internet security. He has worked with many international firms, and has the unique ability to explain very technical concepts in simple-to-understand terms. Mr. Edmead is a sought-after author and lecturer for information security and information technology topics.
Mark works as an information security and regulatory compliance consultant. He has:
• Conducted internal IT audits in the areas of critical infrastructure/systems and applications,
• Assessed and tested internal controls of critical infrastructure platform systems (Windows, UNIX, IIS, SQL, Oracle)
• Assessed and tested internal controls of various critical financial applications.
• Prepared risk assessments and determined risks to critical financial data systems and infrastructure components.
• Created test plans & processes and executed test plans.
• Conducted reviews of existing systems and applications, ensuring appropriate security, management and data integrity via control processes.
• Prepared written reports to all levels of management
• Participated in audit review panel sessions to address results, conclusions and follow-up actions required.
BENEFITS OF ATTENDING
Using a carefully selected case study, course participants will:
• Identify common IT project risks
• Learn how to assess threats and vulnerabilities to create a risk response strategy
• Understand what qualifies as risk with IT projects & the most common IT risk sources
• Qualify and quantify IT risks
• Learn the difference between negative and positive IT risks
• Develop an IT risk management plan
• Plan risk response methods for IT risks
• Create risk mitigation and contingency plans
• Monitor and control project risks
• Overcome resistance from stakeholders and team members
EXCLUSIVE: COURSE QUESTIONNAIRE & TAKEAWAYS
1. An extensive IT Security Architecture Questionnaire that will help you evaluate your organization’s security position.
2. FREE CoBIT 4.0 IT Governance Assessment Evaluation Spreadsheet
3. Take with you templates and worksheets to aid you in applying and putting into practice what you have learned from this workshop.
4. FREE copy of course material, case studies, and other related items of the training workshop
Tel: +6016 3326 360
Fax: +603 9205 7779
kris@360bsigroup.com
2. COURSE CONTENT
DAY1 IT RISK MANAGEMENT LEADERSHIP WORKSHOP
IT Risk Management Leadership Workshop is a special one-day course designed to teach information security professionals how to become an effective information security manager. In addition, you will learn tips and techniques that will increase your competence and confidence when influencing information security in your organization.
Implementing IT Risk Management in an organization is a major effort. This requires coordination with all departments. It requires interfacing with individuals at all levels from technicians and programmers to managers, directors, and C-level executives.
In this workshop you will learn how to perform a stakeholder analysis, outline the stakeholders required to accomplish your job, and how to effectively navigate the possible roadblocks preventing you from accomplishing your tasks. In addition, you will learn tips and techniques that will increase your competence and confidence when influencing and implementing information technology in your organization.
Managing the IT Risk Management Process
- Creating an IT Risk Management framework
- Determining your critical success factors (CSF)
- Determining your key performance indicators (KPI)
- Challenges in managing the process
Understanding your Corporate Culture
- Understanding your organization’s trends, strategy and environment
- Tips, tricks, and trouble spots
- Developing a business continuity management culture
- Exercising, maintenance, and audit
Understanding your Stakeholders
- How to identify your key stakeholders
- Performing a stakeholder analysis
- Creating a stakeholder engagement communication plan
- Getting stakeholder engagement and support
WHY THIS EVENT
The aim of this interactive workshop is to provide you with the skills critical to IT Risk Management. After attending this workshop, you will leave fully armed with the knowledge needed to effectively secure your organization’s IT systems & infrastructure. You will be able to establish an effective risk management program to assess and mitigate risk, and protect your IT assets.
The combination of interactive presentations, hands-on exercises and open discussion groups along with real case studies, ensures you will obtain maximum value from attending.
DAY2 UNDERSTANDING THE NEED FOR IT RISK MANAGEMENT
In this section we will discuss why it is important to consider information technology risks and the impact if an assessment is not performed.
- Use of IT risk management in an organization
- The importance of IT risk management
- IT risk management and ownership
- What is risk assessment?
Establishing the context of risk in your business
- Why your organization needs IT risk management
- Consequences for inadequate or no IT risk management activities
- The benefits of implementing IT risk management
WHO SHOULD ATTEND
Vice Presidents, Directors, General Managers
Chief Information Officers
Chief Information Security Officers
Chief Technology Officers
IT Risk Managers
IT Security Managers
Compliance Officers
Program and Project Managers
IT Project Managers
IT Operation Managers
3. COURSE CONTENT
DAY3 UNDERSTANDING IT SECURITY FRAMEWORKS AND STANDARDS
An understanding of the various information technology frameworks and standards, and the basics of information security is necessary to better understand how to assess the risks associated with the security implementation.
- ISO 27001
- COBIT IT Governance Framework
- NIST SP-800
Information security fundamentals
- Confidentiality, integrity, and availability
- Accountability, non-repudiation, identification
- Understanding information assurance
Developing an IT risk management strategy
- How to perform a high-level risk assessment
- Understanding your business risk appetite
- Establishing your criteria for risk acceptance
- Complying with industry, legal, and/or regulatory requirements
DAY4 UNDERSTANDING THE IMPACT OF IT RISK TO YOUR ORGANIZATION
The risk “appetite” of an organization will vary depending on several variables. It is critical to understand what it is that you are protecting and the impact of a threat in the event it becomes real.
- How to identify tangible and intangible assets
- Determining the value of these assets
- Comparing asset value versus control mitigation costs
- Conducting a business impact analysis
Applying risk management controls
- Finding the right control to manage risk
- Using best practice frameworks
- How to manage residual risk
Implementing an IT risk monitoring process
- Performing periodic reviews
- How to report IT risk status
- Creating a risk reporting plan
The IT Risk Management Document
- Outline of the IT Risk Management document
- Keeping your document up-to-date
- Getting stakeholder support and acceptance
Latest TESTIMONIALS
“I am impressed with the quality of teaching. I am now more equipped to handle my job more efficiently.”
- Okudo Anayo, ERM Financial Risk Manager, Asset Management Corporation of Nigeria
“The course was very informative and an eye opener on how to manage IT Risk in an organization.”
- George Ochola, Manager - IT Risk, Equity Bank Limited
“A great & interactive course. It has enhanced my knowledge regarding IT Risk Management. Dr. Mark is an excellent trainer.”
- Yousif Ebrahim Faraj, Senior Lecturer, Bahrain Institute of Banking & Finance (BIBF)
“The course was very interactive and informal. There were many takeaways which will help me in implementing Risk Management in my organization and also help in procuring management buy-in.”
- Aziz Ahmed, Head of IT, Wall Street Exchange Centre LLC
“This course covers all the essential knowledge on IT Risk.”
- Abdullah Al-Nami, Senior Vice President for Operational Risk and MLC, Riyad Bank
“The trainer well managed the interaction between the participants and delivered the material very professionally.”
- Adnane Ajroudi, Applications Manager, Dolphin Energy Ltd
COURSE SCHEDULE
8.00: Registration & Coffee/Tea
8.30: Workshop commences
10.10 - 10.30: Morning coffee/tea
12.00 - 13.00: Lunch
14.40 - 15.00: Afternoon coffee/tea
16.00: End of day