HPE_HL947S Information Security Risk Management and Business Continuity Planning

COURSE OBJECTIVE:
Students attending this course will:Describe generalized risk management lifecycle as starting point in organizational discussions and how processes fit together• Identify models/frameworks relatedto Risk Management and Business Continuity Planning/DisasterRecovery Planning• Paraphrase the process for business impact analysis interviews andcalculating values• Paraphrase the process for assessing andanalyzing risk scenarios quantitatively andqualitatively• Outline the contents expected in a RiskTreatment Plan and BCP/DRP documents• Participate in risk managementimplementation auditDescribe the role of governance in managing risk and compliance• Describe management support andidentify team responsibilities. Create andconfigure virtual machines in Azure• Scope the current situation in termsof documents to gather and questionsto askDescribe the management requirements to implement risk and resiliency strategy• Recognize the scope of potential riskresponse and BCP/DRP strategies appropriate to level of risk• Categorize investment requirementsDiscuss requirements and proposals with security professionalBegin to prepare for various security-relatedcertification exams or a security lead positon

TARGET AUDIENCE:
• New System or Network Administratorswho want to understand how to determineand manage risk, including an appropriatebusiness continuity strategy• IT Professionals who need an overview ofrisk management and BCP/DR conceptsand techniques• Individuals working towards (orconsidering) an information security orrisk management-focused certification• Professionals who want to know moreabout risk management because it'simportant for their job as a securitypractitioner• Professionals who want to know moreabout business continuity strategiesbecause everybody needs to be ready forthe unexpected

COURSE PREREQUISITES:
• HPE Security Essentials (HL945S) orequivalent knowledge

COURSE CONTENT:
Module 1: Mapping risk management and continuity planning to your business • Describe riskmanagement• Discuss the relationship between security, businesscontinuity management and risk management• Define risk terms• Describe the risk equation• Define the key words relating to BCP/DRP• Position resiliency in your management strategy• Describe the types of response strategies• Describe the role of governance in managing risk andcomplianceModule 2: Making the case for risk management and business continuity planning • Discuss the importance ofrisk management and the need for BCP/DRP in any environment• List business considerations and drivers for riskmanagement and business continuity planning• Determine which drivers apply to your environmentModule 3: Managing risk as a process • Describe the purposeof frameworks, reference models, standards• List possible risk management models or frameworks as yourguide• Compare BCP/DRP frameworks for your environment• Describe the lifecycle of risk management• Distinguish between risk assessment, risk analysis, andbusiness impact analysis• Promote the ongoing need for training and plan updates• Define the activities involved in managing risk• List responsibilities and potential members for a riskmanagement team• Define the activities involved in developing andmaintaining a BCP/DRP• List responsibilities and potential members for a BCP team• Describe elements of a proposal for board approval• Identify stakeholders and their concernsModule 4: Analyzing business impact:where to focus • List detailed steps to conduct a businessimpact analysis project• Describe steps to conduct interviews to gather data• Describe how to increase success with BIA interviewing• Define analytical terms for business impact and recoveryrequirements• Explain the process to calculate and document recoveryrequirements for your critical business functionsModule 5: Assessing risk: what threats and vulnerabilities exist • List the requirements of a riskassessment team• Describe how to select assessment targets based on BIA• Outline the steps in a risk assessment project• Define the scope of an assessment• Identify what goes into a plan for examination activities(interviews and vulnerability scanning)• Compare data gathering methods• Compare risk assessment methods and tools• List expectations for documenting assessment results• List steps to mitigate risks of being a risk assessorModule 6: Analyzing risks: how much it's worth • Comparequantitative and qualitative risk analysis• Describe methods to calculate quantitative risk• Define probability classesModule 7: Documenting risk treatment plans: how to protect assets • Define risk management strategies• Describe how to select risk treatment plans (physical,technical, social) appropriate to analysis results• Describe the importance of documenting a policy to reviewrisk management needsCourse data sheetFollow us:Module 8: Planning for resiliency: how to continue your business• List the sections of a Business Continuity Plan document• Describe the BCP's underlying plans• List other BC-related plans and their contents• Position the Disaster Recovery Plan with respect to theBCP• List key elements for a Disaster Recovery plan• Compare Disaster Recovery strategies for your company• Compare levels of redundancy and retention• Identify roles and responsibilities for recovery teams• Optimize distribution and utility of documentsModule 9: Implement risk treatment plan • Integrate theproject requirements across risk, BCP, and DRP plans• Follow project management best practices to implementplans for risk treatment across the organization• Describe the steps to take during a security incident• List the elements of a security incident report• Identify what constitutes an incident• Describe the process to collect evidence related to anincidentModule 10: Failing back • Discuss what happens when you'reready to go back• Evaluate the opportunity to upgrade business effectivenessand/or resiliency• Describe the stepsModule 11: Auditing risk management implementation and testing BCP procedures• Differentiate between an audit and an assessment• Define the characteristics of an audit• Describe when an audit may be applicable• Predict evidence requested during an audit process• Compare risk management audit, compliance audit, and BCPtesting• Describe the levels of testing for BCP/DRP plansModule 12: Summary and case study • Test your knowledge• Given sufficient detail, design an appropriate riskstrategyModule 13: Business continuityplanning—Next steps• Ask the right questions to determine where your companycurrently stands• Champion the need for Business Continuity Planning withyour management• Determine how much help you need and get it

FOLLOW ON COURSES:
Not available. Please contact.