This four-day instructor-led course teaches the security practitioner to find out:
- What needs protection
- What risks those assets are exposed to
- What controls are in place to offset those risks
- Where to focus attention for risk treatment
Expert lectures and exercises reinforce the true value and purpose of information security risk assessments. Students gain proficiency in conducting effective risk assessments that provide a defensible analysis of residual risk associated with present risk treatment options. This course gives students the tools and skills to deliver a quick, reliable, and thorough risk assessment for key stakeholders.
Currently, there are no public classes scheduled. Please contact a Phoenix TS Training Consultant to discuss hosting a private class at 240-667-7757.
Information Security Risk Assessments
- What is Risk?
- What is Information Security Risk Assessment?
- Drivers, Laws, and Regulations
Practical Approach to Information Security Assessment
- Risk Assessment Frameworks
- NIST SP 800-30
- ISO 27005
- The Sponsor
- The Project Team
- Data Collection
- Document Requests
- IT Asset Inventory
- Asset Scoping
- Asset Profile Survey
- Survey Support
- Module 3 Exercises
- Compiling Observations from Organizational Risk Documents
- Preparation of Threat and Vulnerability Catalogs
- Overview of the System Risk Computation
- Impact Analysis Scheme
- Control Analysis Scheme
- Likelihood Analysis Scheme
- Final Risk Score
- Module 4 Exercises
- System Risk Analysis
- Module 5 Exercises
Risk Prioritization and Treatment
- Organizational Risk Prioritization and Treatment
- System Specific Risk Prioritization and Treatment
- Issues Register
- Module 6 Exercises
- Risk Analysis Executive Summary
- Risk Register
- Module 7 Exercises
Maintenance and Wrap Up
- Process Summary
- Key Deliverables
- Post Mortem
Information security and related professionals are the ideal candidates for this training course. Other professionals who may find this course useful are risk professionals, control professionals, business analysts, project managers, and compliance professionals.