Managing the risks of an IT department
Training for Information Security Officers
Core processes of a comprehensive risk management system
See also:
Modelling IT-Grundschutz
Overview of all awareness and IT training courses.
Description
Learning objectives
After the training, you will be able to implement a risk management system for the IT department. You will be able to define the responsibilities, tasks, roles and competences, and you will know how to systematically identify, survey, assess and appropriately deal with threats and risks arising from the organisation, processes and technology. The practical examples and exercises are based on ISO 27005, but can also be based on other models if desired.
You will be able to prepare risk catalogues and risk treatment plans and develop and communicate risk strategies to decision-makers, taking into account the costs and risk appetite of the organisation. Practical tips and methodologies for monitoring the effectiveness of risk management round off the training.
Intended audiences
- Information security officers (ISB)
- Managing staff of the IT department
Recommended prior knowledge
- Basic knowledge of the classic information security assessment criteria: confidentiality, integrity and availability
- Basic knowledge in the use of spreadsheets and spreadsheet software (Excel, Calc)
- Knowledge of project and service management
- Knowledge of monitoring, supervision and control of processes
General information
Training details
- In-house training or in our training room (region Marburg, Hesse)
- Dates and duration: flexible, depending on the number of participants and their previous knowledge
- Detailed training materials included (German)
- Includes access to the e-learning platform, which provides electronic accompanying materials and e-learning content (German)
Training content (customisable)
Control systems and basic terms
- External frameworks and governance issues
- Internal frameworks and control systems
- Basic risk management terms
Building up risk management
- Principles, roles and tasks
- Interfaces and reference to the internal control system (ICS)
- Core processes of risk management
- Strategic and operational guidelines
- Risk analysis and business impact analysis (BIA)
Operating the risk management system
- Tools for enterprise-wide risk management
- Tools for risk analysis and reporting
- Monitoring: activities and control objectives
- Techniques, models, success indicators and metrics