Objectives:
- How to take control of Risk Management Programme and learn appropriate methods.
- How to identify and address risk and compliance issues as presented within a global economy.
- How to design and leverage Risk Management Programme to reduce cost and risk through effective prioritisation and processes.
- Appreciate legal, technical and management risk within the Enterprise Environment and how to quantify these effectively.
- Appreciate the external risk of cyber crime.
- How to measure the financial value of Data Security and Risk Management and communicate these to line executives effectively.
- How governance and risk management trends are affecting corporate enterprises.
- International Standards for Data Security and Risk Management and best practice for managing compliance for security, crisis management, disaster recovery and high resilience and availability.
The Content:
Development of Enterprise Architecture
- Introduction, Development and Role in Modern Enterprise
- Strategic, Tactical and Operational Considerations
- Key Considerations in Development of Enterprise Architecture
- Enterprise Architecture Project Management Considerations
Objectives of Security and IT Security Management Risk Assessment and IT Risk Management
- Categorising and Managing Risk
- Risk Analysis and Threat Identification Methodologies
- Vulnerability Analysis
- Understanding the need for effective Risk Management
- Legal and Regulatory Considerations
- Key Strategic and Security Considerations
The Need and Benefits for Information Security
- Electronic and physical risk
- Utilising Information Security to protect business assets
- Information and Data Risk Management
- Data and asset classification
Data Security
- Ensuring Information Security in an Enterprise Wide Environment
- Vulnerability Assessments
- Management and Technical Control Measures with Systems and Network Design
Legal and Regulatory Considerations
- Data Protection
- Intellectual Property
- Contracts and Commercial Liability
Data Sharing and Best Practice
- Defining data classification and business ownership
- Establishing Memorandum of Understanding/Transfer Agreements
- Best Practice Guidance for data sharing
- Avoiding common errors and liability
Overview of International Standards and Best Practice Introduction to computer system design and enterprise design security
- Types of electronic and management controls for electronic information
- Network, Operating System and Application controls and password schemes
- Ensuring Confidentiality, Integrity, Availability, Authenticity and Accountability
- Overview of ISO27002 Code of Practice for Information Security Management and Relevant Controls
Provisions and challenges
- ISO 3100 Risk Management Principles and Guidelines
- Challenges within Enterprise Architecture and IS environments
- Common Oversights with Enterprise Architecture and IS Environments
- Risk Management and Compliance
- Success Factors for Effective Enterprise Data Security Management
