HPE_HL947S Information Security Risk Management and Business Continuity Planning

    As we've learned, Information Security is ultimately about
    protecting the assets most crucial to your business through
    preserving the Confidentiality, Integrity, and Availability of
    your information. In this 3-day course, IT professionals and
    security officers learn to assess and manage risk in their
    organization and plan for the unexpected.

    Risk management includes recognizing the
    assets key to your business success,
    documenting known threats, and their
    likelihood, calculating the impact of a potential
    breach and implementing specific controls to
    avoid breaches or minimize the impact if any
    occur. Further, for those assets, you identify
    processes to recover from a breach, and
    explicitly recognize the remaining risk that you
    choose to accept.
    Business continuity and disaster recovery
    planning extends this by responding when the
    unexpected happens and preparing to
    continue conducting business as usual, and as
    quickly as possible with as little impact on day
    to day operations. When disaster strikes, how
    much will it affect your company? Your
    reputation? Your customers?
    In this course, you learn to identify and
    evaluate risk to your highest priority assets,
    and also how to design, implement, and
    maintain effective, risk treatment controls.
    This course is also helpful for those working
    toward industry certifications like CRISC,
    ABCP, CFCP, CBCI, Security+ or others.

    COURSE OBJECTIVE:
    Students attending this course will:

    Describe generalized risk management

    lifecycle as starting point in organizational

    discussions and how processes fit together

    • Identify models/frameworks related

    to Risk Management and Business

    Continuity Planning/Disaster

    Recovery Planning

    • Paraphrase the process for business

    impact analysis interviews and

    calculating values

    • Paraphrase the process for assessing and

    analyzing risk scenarios quantitatively and

    qualitatively

    • Outline the contents expected in a Risk

    Treatment Plan and BCP/DRP documents

    • Participate in risk management

    implementation audit

    Describe the role of governance in managing

    risk and compliance

    • Describe management support and

    identify team responsibilities. Create and

    configure virtual machines in Azure

    • Scope the current situation in terms

    of documents to gather and questions

    to ask

    Describe the management requirements to

    implement risk and resiliency strategy

    • Recognize the scope of potential risk

    response and BCP/DRP strategies

    appropriate to level of risk

    • Categorize investment requirements

    Discuss requirements and proposals with

    security professional

    Begin to prepare for various security-related

    certification exams or a security lead positon

     

    TARGET AUDIENCE:
    • New System or Network Administrators

    who want to understand how to determine

    and manage risk, including an appropriate

    business continuity strategy

    • IT Professionals who need an overview of

    risk management and BCP/DR concepts

    and techniques

    • Individuals working towards (or

    considering) an information security or

    risk management-focused certification

    • Professionals who want to know more

    about risk management because it's

    important for their job as a security

    practitioner

    • Professionals who want to know more

    about business continuity strategies

    because everybody needs to be ready for

    the unexpected

    COURSE PREREQUISITES:
    • HPE Security Essentials (HL945S) or
    equivalent knowledge

    COURSE CONTENT:
    Module 1: Mapping risk management and

    continuity planning to your business • Describe risk
    management

    • Discuss the relationship between security, business
    continuity management and risk management

    • Define risk terms

    • Describe the risk equation

    • Define the key words relating to BCP/DRP

    • Position resiliency in your management strategy

    • Describe the types of response strategies

    • Describe the role of governance in managing risk and
    compliance

    Module 2: Making the case for risk management

    and business continuity planning • Discuss the importance of
    risk management and the need for BCP/DRP in any environment

    • List business considerations and drivers for risk
    management and business continuity planning

    • Determine which drivers apply to your environment

    Module 3: Managing risk as a process • Describe the purpose
    of frameworks, reference models, standards

    • List possible risk management models or frameworks as your
    guide

    • Compare BCP/DRP frameworks for your environment

    • Describe the lifecycle of risk management

    • Distinguish between risk assessment, risk analysis, and
    business impact analysis

    • Promote the ongoing need for training and plan updates

    • Define the activities involved in managing risk

    • List responsibilities and potential members for a risk
    management team

    • Define the activities involved in developing and
    maintaining a BCP/DRP

    • List responsibilities and potential members for a BCP team

    • Describe elements of a proposal for board approval

    • Identify stakeholders and their concerns

    Module 4: Analyzing business impact:

    where to focus • List detailed steps to conduct a business
    impact analysis project

    • Describe steps to conduct interviews to gather data

    • Describe how to increase success with BIA interviewing

    • Define analytical terms for business impact and recovery
    requirements

    • Explain the process to calculate and document recovery
    requirements for your critical business functions

    Module 5: Assessing risk: what threats and

    vulnerabilities exist • List the requirements of a risk
    assessment team

    • Describe how to select assessment targets based on BIA

    • Outline the steps in a risk assessment project

    • Define the scope of an assessment

    • Identify what goes into a plan for examination activities
    (interviews and vulnerability scanning)

    • Compare data gathering methods

    • Compare risk assessment methods and tools

    • List expectations for documenting assessment results

    • List steps to mitigate risks of being a risk assessor

    Module 6: Analyzing risks: how much it's worth • Compare
    quantitative and qualitative risk analysis

    • Describe methods to calculate quantitative risk

    • Define probability classes

    Module 7: Documenting risk treatment plans: how

    to protect assets • Define risk management strategies

    • Describe how to select risk treatment plans (physical,
    technical, social) appropriate to analysis results

    • Describe the importance of documenting a policy to review
    risk management needs

    Course data sheet

    Follow us:

    Module 8: Planning for resiliency: how to continue

    your business

    • List the sections of a Business Continuity Plan document

    • Describe the BCP's underlying plans

    • List other BC-related plans and their contents

    • Position the Disaster Recovery Plan with respect to the
    BCP

    • List key elements for a Disaster Recovery plan

    • Compare Disaster Recovery strategies for your company

    • Compare levels of redundancy and retention

    • Identify roles and responsibilities for recovery teams

    • Optimize distribution and utility of documents

    Module 9: Implement risk treatment plan • Integrate the
    project requirements across risk, BCP, and DRP plans

    • Follow project management best practices to implement
    plans for risk treatment across the organization

    • Describe the steps to take during a security incident

    • List the elements of a security incident report

    • Identify what constitutes an incident

    • Describe the process to collect evidence related to an
    incident

    Module 10: Failing back • Discuss what happens when you're
    ready to go back

    • Evaluate the opportunity to upgrade business effectiveness
    and/or resiliency

    • Describe the steps

    Module 11: Auditing risk management

    implementation and testing BCP procedures

    • Differentiate between an audit and an assessment

    • Define the characteristics of an audit

    • Describe when an audit may be applicable

    • Predict evidence requested during an audit process

    • Compare risk management audit, compliance audit, and BCP
    testing

    • Describe the levels of testing for BCP/DRP plans

    Module 12: Summary and case study • Test your knowledge

    • Given sufficient detail, design an appropriate risk
    strategy

    Module 13: Business continuity

    planning—Next steps

    • Ask the right questions to determine where your company
    currently stands

    • Champion the need for Business Continuity Planning with
    your management

    • Determine how much help you need and get it

    FOLLOW ON COURSES:
    Not available. Please contact.

    Tilleggsinformasjon

    Varighet

    2 dag(er)

    Språk

    Engelsk/Norsk kursmateriell, Engelsk/Norsk kursholder

    Sted

    Virtuelt (90% av våre kurs blir tatt opp)/Vi setter opp kurs over hele landet