This course deals with how IT helps to achieve an appropriate balance between realizing opportunities for gains while minimizing losses. It is an integral part of good management practice and an essential element of good corporate governance. It is an iterative process consisting of steps that, when undertaken in sequence, enable continuous improvement in IT decision-making and facilitate continuous improvement in IT performance.
Objectives
IT risk management course covers how to establish an appropriate infrastructure and culture and apply a logical and systematic method of establishing the context, identifying, analyzing, evaluating, treating, monitoring and communicating IT risks associated with any activity, function or process in a way that will enable organizations to minimize losses and maximize gains. At the completion of this course, the participants should be able to :
- Conceptualize organizations risk management within IT processes
- Identify and analyze risks within IT operations and understand the implications to the whole business operation
- Improve IT operation risk level thru the application and implementation of IT risk management methodology and best practices
- Support the attainment of organizational business objectives by providing comprehensive perspective of IT risk management to the executive management of the organization
- Plan to implement tool for identifying, analyzing, eradicating and communicating the risks within the cycle of risk management
Course Contents and Descriptions
Segment 1: Risk Management Introduction
The segment defines Process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives and deciding what countermeasures
Segment 2: Risk Management Processes
The participants learn to recognize the following issues in the risk management processes such as:
- Identification and classification of information resources or assets that need protection
- Assess threats and vulnerabilities and the likelihood of their occurrence Identification and classification of information resources or assets that need protection
- Assess threats and vulnerabilities and the likelihood of their occurrence
Segment 3: Risk Indicators
This segment shall describe on the need of IT risk management to operate at multiple levels with divesified risk indicators including:
- Operation: risks that could compromise the effectiveness of IT systems and supporting infrastructure
- Project: risks management needs to focus on the ability to understand and manage project complexity
- Strategic: the risk focus shifts to considerations such as how well the IT capability is aligned with the business strategy
Segment 4: Loss Event Database
The segment shall describe to the participants on intentional and unintentional action that causes data loss, and highlight on organizational responsibility such as:
- preventing data loss
- recovery from data loss
- Cost of data loss
Segment 5: Effective Risk Management
This segment shall describe to the participants how to establish effective risk management program that covers:
- Establish purpose of the risk management program
- Assign the responsibility for the risk management
Segment 6: Risk Management Maturity
This segment shall describe the road-mapping of risk management as related to IT processes; the framework will be based on the CMM maturity level concept.
Segment 7: IT Risk Management
This segment shall describe on the Information Technology risk management which is part of the organization IT governance encompassing such as: the identification, assessment, and prioritization of IT operation risks, and followed by coordinated and economical application of IT resources to minimize, monitor, and control the probability and/or impact of unfortunate events.
Segment 8: Cases
IT risk management cases
Target Audience
- Managers involved and related in the IT operations
- IT staff and executives involved in risk management and business process improvement
- Information technology professionals involved in projects that are concerned, in part, with the automation of business processes
- IT professionals especially from companies regulated to implement risk management and IT risk management such as banks and state-owned enterprises.
Duration : 3 Days
Trainer / Facilitator