IT Risk Management

Training Duration: 2 days

Training Delivery Method: On-site, instructor-led course; or online, instructor-led course

Prerequisites: Experienced IT professionals with background in security and risk management

What Problem Does This Training Help Solve?

Provides training on IT risk assessment, risk management, risk mitigation, risk acceptance, risk management methodologies, risk management software, and many other aspects of IT risk management

Who Should Attend? IT professionals interested in learning about IT risk control objectives, controls, methodologies, and risk management

Course Material: Content-rich manual/course handouts consisting of about 200 foils

Course Syllabus:

Alignment of IT with business objectives brings value to the organization, but IT has an element of associated risk. This risk must be properly managed in order to balance the IT value delivery and the IT risk.  There are many risks associated with the use of information technology, but the major ones are related to IT disaster recovery, IS security, IT processes outsourcing, and IT projects management. Such risks must be monitored, analyzed, mitigated, and accepted at appropriate levels to balance value and risk. Although it is a relatively new discipline, measurement and management of IT risk has reached a stage of fairly stable maturity.

Topics to be covered:

  • What IT risk is
  • The big 4 IT risks
  • How to assess IT risk
  • Risk analysis and risk management
  • How to measure the effectiveness of risk controls
  • Qualitative vs. Quantitative approaches
  • Risk-based approach to IT risk management
  • IT risk analysis methodologies
  • Octave, Cobra, IRAM, FRAPP, Sara, Sprint
  • NIST and European perspectives
  • Preventive, detective, and corrective controls for IT risk
  • Risk policies
  • Risk standards
  • Risk register
  • Awareness and training program
  • Risk acceptance- who does it


Featured Service