IT Risk Management & Leadership 23 - 26 June 2013 Dubai

WHY IS THIS IT RISK ASSESSMENT WORKSHOP IMPORTANT?

Are you effectively securing your organization’s IT systems that store, process, or transmit organizational information?
Is your IT risk management plan tailored to the specific risk profile of your business and being coordinated across all functional and business units?


With the release of IT Governance frameworks, requirements for risk management and new international standards entering the market, the pressure is mounting to ensure that all your IT risks are identified and the necessary action is taken – be this to mitigate them, accept or ignore them. So, how safe is your IT system? What are the risks that your organization is being exposed to?

The solution to this challenge is to establish an effective risk management process that protects the organization, not just its IT assets, and provides it with the ability to perform its mission.

Risk management is the process of identifying and assessing risk and taking preventive measures to reduce it to an acceptable level. It is critical that you develop an effective risk management program that assesses and mitigates risks within your IT systems and better manages these IT-related mission risks.


BENEFITS OF ATTENDING THIS WORKSHOP


Identify common IT project risks
Learn how to assess threats and vulnerabilities to create a risk response strategy
Understand what qualifies as risk with IT projects
Understand the most common IT risk sources
Qualify and quantify IT risks
Learn the difference between negative and positive IT risks
Develop an IT risk management plan
Plan risk response methods for IT risks
Create risk mitigation and contingency plans
Monitor and control project risks
Overcome resistance from stakeholders and team members



WHO SHOULD ATTEND THIS WORKSHOP

IT risk managers
IT security managers
Compliance officers
Program and project managers
IT project managers
IT operation managers


Contact Kris at kris@360bsi.com to register.

Published in: Technology, Economy & Finance

IT SERIES
INFORMATION TECHNOLOGY RISK MANAGEMENT & LEADERSHIP
23 - 26 JUNE 2013
RADISSON BLU DUBAI DEIRA CREEK, UNITED ARAB EMIRATES

YOUR INTERNATIONAL COURSE FACILITATOR

Dr Mark T. Edmead
MBA, CISSP, CISA, CompTIA Security+
IT Security Consultant & Trainer
MTE Advisors

Mark T. Edmead is a successful technology entrepreneur with over 28 years of practical experience in computer systems architecture, information security, and project management. Mark excels in managing the tight deadlines and ever-changing tasks related to mission-critical project schedules. He has extensive knowledge in IT security, IT and application audits, Internal Audit, IT governance, including Sarbanes-Oxley, FDIC/FFIEC, and GLBA compliance auditing.

Mr. Edmead understands all aspects of information security and protection including access controls, cryptography, security management practices, network and Internet security, computer security law and investigations, and physical security. He has trained Fortune 500 and Fortune 1000 companies in the areas of information, system, and Internet security. He has worked with many international firms, and has the unique ability to explain very technical concepts in simple-to-understand terms. Mr. Edmead is a sought-after author and lecturer for information security and information technology topics.

Mark works as an information security and regulatory compliance consultant. He has:
• Conducted internal IT audits in the areas of critical infrastructure/systems and applications.
• Assessed and tested internal controls of critical infrastructure platform systems (Windows, UNIX, IIS, SQL, Oracle).
• Assessed and tested internal controls of various critical financial applications.
• Prepared risk assessments and determined risks to critical financial data systems and infrastructure components.
• Created test plans & processes and executed test plans.
• Conducted reviews of existing systems and applications, ensuring appropriate security, management and data integrity via control processes.
• Prepared written reports to all levels of management.
• Participated in audit review panel sessions to address results, conclusions and follow-up actions required.

Tel: +6016 3326 360
Fax: +603 9205 7788
kris@360bsigroup.com

EXCLUSIVE: COURSE QUESTIONNAIRE & TAKEAWAYS

1. An extensive IT Security Architecture Questionnaire that will help you evaluate your organization’s security position.
2. FREE CoBIT 4.0 IT Governance Assessment Evaluation Spreadsheet
3. Take with you templates and worksheets to aid you in applying and putting into practice what you have learned from this workshop.
4. FREE copy of course material, case studies, and other related items of the training workshop

BENEFITS OF ATTENDING

Using a carefully selected case study, course participants will:
• Identify common IT project risks
• Learn how to assess threats and vulnerabilities to create a risk response strategy
• Understand what qualifies as risk with IT projects & the most common IT risk sources
• Qualify and quantify IT risks
• Learn the difference between negative and positive IT risks
• Develop an IT risk management plan
• Plan risk response methods for IT risks
• Create risk mitigation and contingency plans
• Monitor and control project risks
• Overcome resistance from stakeholders and team members

WHO SHOULD ATTEND

Vice Presidents, Directors, General Managers
Chief Information Officers
Chief Information Security Officers
Chief Technology Officers
IT Risk Managers
IT Security Managers
Compliance Officers
Program and Project Managers
IT Project Managers
IT Operation Managers

WHY THIS EVENT

The aim of this interactive workshop is to provide you with the skills critical to IT Risk Management. After attending this workshop, you will leave fully armed with the knowledge needed to effectively secure your organization’s IT systems & infrastructure. You will be able to establish an effective risk management program to assess and mitigate risk, and protect your IT assets.

The combination of interactive presentations, hands-on exercises and open discussion groups along with real case studies, ensures you will obtain maximum value from attending.

COURSE CONTENT

DAY 1: IT RISK MANAGEMENT LEADERSHIP WORKSHOP

IT Risk Management Leadership Workshop is a special one-day course designed to teach information security professionals how to become an effective information security manager. In addition, you will learn tips and techniques that will increase your competence and confidence when influencing information security in your organization.

Implementing IT Risk Management in an organization is a major effort. This requires coordination with all departments. It requires interfacing with individuals at all levels from technicians and programmers to managers, directors, and C-level executives. In this workshop you will learn how to perform a stakeholder analysis, outline the stakeholders required to accomplish your job, and how to effectively navigate the possible roadblocks preventing you from accomplishing your tasks. In addition, you will learn tips and techniques that will increase your competence and confidence when influencing and implementing information technology in your organization.

Managing the IT Risk Management Process
- Creating an IT Risk Management framework
- Determining your critical success factors (CSF)
- Determining your key performance indicators (KPI)
- Challenges in managing the process

Understanding your Corporate Culture
- Understanding your organization’s trends, strategy and environment
- Tips, tricks, and trouble spots
- Developing a business continuity management culture
- Exercising, maintenance, and audit

Understanding your Stakeholders
- How to identify your key stakeholders
- Performing a stakeholder analysis
- Creating a stakeholder engagement communication plan
- Getting stakeholder engagement and support

DAY 2: UNDERSTANDING THE NEED FOR IT RISK MANAGEMENT

In this section we will discuss why it is important to consider information technology risks and the impact if an assessment is not performed.
- Use of IT risk management in an organization
- The importance of IT risk management
- IT risk management and ownership
- What is risk assessment?

Establishing the context of risk in your business
- Why your organization needs IT risk management
- Consequences for inadequate or no IT risk management activities
- The benefits of implementing IT risk management

DAY 3: UNDERSTANDING IT SECURITY FRAMEWORKS AND STANDARDS

An understanding of the various information technology frameworks and standards, and the basics of information security is necessary to better understand how to assess the risks associated with the security implementation.
- ISO 27001
- COBIT IT Governance Framework
- NIST SP-800

Information security fundamentals
- Confidentiality, integrity, and availability
- Accountability, non-repudiation, identification
- Understanding information assurance

Developing an IT risk management strategy
- How to perform a high-level risk assessment
- Understanding your business risk appetite
- Establishing your criteria for risk acceptance
- Complying with industry, legal, and/or regulatory requirements

DAY 4: UNDERSTANDING THE IMPACT OF IT RISK TO YOUR ORGANIZATION

The risk “appetite” of an organization will vary depending on several variables. It is critical to understand what it is that you are protecting and the impact of a threat in the event it becomes real.
- How to identify tangible and intangible assets
- Determining the value of these assets
- Comparing asset value versus control mitigation costs
- Conducting a business impact analysis

Applying risk management controls
- Finding the right control to manage risk
- Using best practice frameworks
- How to manage residual risk

Implementing an IT risk monitoring process
- Performing periodic reviews
- How to report IT risk status
- Creating a risk reporting plan

The IT Risk Management Document
- Outline of the IT Risk Management document
- Keeping your document up-to-date
- Getting stakeholder support and acceptance

COURSE SCHEDULE

8.00             Registration & Coffee/Tea
8.30             Workshop commences
10.10 - 10.30    Morning coffee/tea
12.00 - 13.00    Lunch
14.40 - 15.00    Afternoon coffee/tea
16.00            End of day

LATEST TESTIMONIALS

1. “I am impressed with the quality of teaching. I am now more equipped to handle my job more efficiently.” - Okudo Anayo, ERM Financial Risk Manager, Asset Management Corporation of Nigeria
2. “The course was very informative and an eye opener on how to manage IT Risk in an organization.” - George Ochola, Manager - IT Risk, Equity Bank Limited
3. “A great & interactive course. It has enhanced my knowledge regarding IT Risk Management. Dr. Mark is an excellent trainer.” - Yousif Ebrahim Faraj, Senior Lecturer, Bahrain Institute of Banking & Finance (BIBF)
4. “The course was very interactive and informal. There were many takeaways which will help me in implementing Risk Management in my organization and also help in procuring management buy-in.” - Aziz Ahmed, Head of IT, Wall Street Exchange Centre LLC
5. “This course covers all the essential knowledge on IT Risk.” - Abdullah Al-Nami, Senior Vice President for Operational Risk and MLC, Riyad Bank
6. “The trainer well managed the interaction between the participants and delivered the material very professionally.” - Adnane Ajroudi, Applications Manager, Dolphin Energy Ltd

IN-HOUSE TRAINING

360 BSI is passionate about providing strategic IT programs and high potential training solutions across the region to build personal competencies and organizational capability. You will receive practical training from a professionally qualified educator with over twenty years of teaching and training experience. Please feel free to mix-and-match topics from the areas listed below to get the right training content for your staff. Other topics may be available upon request.

* Save up to 50% for In-house Training program

OTHER RELATED PUBLIC COURSES

IT Governance
Service Oriented Architecture (SOA)
Business Continuity and Disaster Recovery
Preparing for the CISSP exam
Cybercrime & Fraud Investigation
IT Change Management
IT Project Management

REGISTRATION FORM

Fax: +603 9205 7788
Tel: +603 9205 7772
Mobile: +6016 3326 360
Email: kris@360bsigroup.com

DELEGATES (1 to 3), for each: Name, Name on tag, Job Title, Email, Mobile

AUTHORIZATION (This form is invalid without a signature): Name, Job Title, Email, Tel, Organization, Address, Signature, Date

FEES

USD 2,995 per delegate
USD 8,085 - Special for Group of 3

The fee does not include any taxes (withholding or otherwise). In case of any taxes applicable the client has to ensure that the taxes are paid on top of the investment fee paid for the course. Compliance with the local tax laws is the responsibility of the client.

PAYMENT DETAILS

Payment is required within 5 days upon receipt of the invoice.

Bank transfer:
360 BSI MIDDLE EAST LIMITED
Abu Dhabi Commercial Bank
Dubai Mall Branch, P.O.Box 49124 Dubai, U.A.E
Account No: 10065721319001
Swift No: ADCBAEAAXXX
IBAN No: AE780030010065721319001

All payments must be received prior to the event date.

Hotel Contact Details:
For Room Reservation, contact for 360BSI corporate rates.
Telephone: 00971 4 2057105
Fax: 00971 4 2234698
E-mail: reservations.dxbza@radissonblu.com
Radisson BLU Hotel, Dubai Deira Creek
Baniyas Road, P.O. Box 476, Dubai, UAE

General Information:
1. Registrations close ONE (1) week before the training dates.
2. The fees cover lunch, tea breaks, materials and certificate.
3. Official confirmation will be sent, once registration has been received.
4. Participants will need to arrange their own accommodation.
5. Attire: Smart Casual

Cancellations/Substitutions

Substitutions are welcome at any time. Please notify us at least 2 working days prior to the event. All cancellations will carry a 10% cancellation fee, once a registration form is received. All cancellations must be in writing by fax or email at least 2 weeks before the event date. Cancellations with less than 2 weeks prior to the event date carry a 100% liability. However, course materials will still be couriered to you.

Thank you for your registration!

© 360 BSI (M) Sdn Bhd (833835-X), Level 8 Pavilion KL, 168 Jalan Bukit Bintang, 55100 Kuala Lumpur, Malaysia. www.360bsi.com/IT
