Class Details

Price: $1,990

Information Security Risk Assessment through Data Collection and Analysis - Course Description:

This four day instructor-led course teaches the security practitioner to find out:

  • What needs protection
  • What risks those assets are exposed to
  • What controls are in place to offset those risks
  • Where to focus attention for risk treatment

Expert lecture and exercises enforce the true value and purpose of information security risk assessments. Student gain proficiency in conducting effective risk assessments that provide defendable analysis of residual risk association to present risk treatment options. This course gives students the tools and skills to acquire a quick, reliable, and thorough risk assessment for key stakeholders.

Course Outline

Information Security Risk Assessment through Data Collection and Analysis - Course Outline:

Module 1: Information Security Risk Assessments

Lesson 1A: What is Risk?

Lesson 1B: What is Information Security Risk Assessment?

Lesson 1C: Drivers, Laws, and Regulations

Module 2:  A Practical Approach to Information Security Assessment

Lesson 2A: Risk Assessment Frameworks

Lesson 2B: OCTAVE

Lesson 2C: NIST SP 800-30

Lesson 2D: ISO 27005

Module 3: Data Collection

Lesson 3A: The Sponsor

Lesson 3B: The Project Team

Lesson 3C: Data Collection

Lesson 3D: Document Requests

Lesson 3E: IT Asset Inventory

Lesson 3F: Asset Scoping

Lesson 3G: Asset Profile Survey

Lesson 3H: Survey Support

Module 3 Exercises

Module 4: Data Analysis

Lesson 4A: Compiling Observations from Organizational Risk Documents

Lesson 4B: Preparation of Threat and Vulnerability Catalogs

Lesson 4C: Overview of the System Risk Computation

Lesson 4D: Impact Analysis Scheme

Lesson 4E: Control Analysis Scheme

Lesson 4F: Likelihood Analysis Scheme

Lesson 4G: Final Risk Score

Module 4 Exercises

Module 5: Risk Assessment

Lesson 5A: System Risk Analysis

Module 5 Exercises

Module 6: Risk Prioritization and Treatment

Lesson 6A: Organizational Risk Prioritization and Treatment

Lesson 6B: System Specific Risk Prioritization and Treatment

Lesson 6C: Issues Register

Module 6 Exercises

Module 7: Reporting

Lesson 7A: Outline

Lesson 7B: Risk Analysis Executive Summary

Lesson 7C: Methodology

Lesson 7D: Results

Lesson 7E: Risk Register

Module 7 Exercises

Module 8: Maintenance and Wrap Up

Lesson 8A: Process Summary

Lesson 8B: Key Deliverables

Lesson 8C: Post Mortem

Objectives

Participants will do the following:

  • Identify assets that need to be protected
  • Identify what risks those assets are exposed to
  • Identify what controls are in place to offset those risks
  • Use the most efficient tools and skills to get a quick, reliable, and thorough risk assessment for key stakeholders

Register for Class

Date Location
01/08/19 - 01/11/19, 4 days, 8:30AM – 4:30PM San Antonio, TX Sold Out!