Certified Risk Champion

Course Duration: 22 hours / 2.5 days

About the Program

The Enterprise Risk and Compliance workshop is a 2-day Certifiable Program that covers a wide array of Information Security topics. The program is designed to give managers a basic understanding of Organizational Risk and Mitigation strategies that they can readily use in their workplace to define and maintain a strong Enterprise Security Framework.

Information Security – An Overview
  • Defining Information Security and Risk
  • Understanding Threats, Vulnerabilities and their Interplay
  • Understanding Security Risk in Depth
  • Workshop exercises and Case Studies
Enterprise Risk Management Framework
  • Risk Management Practices
  • Risk Assessment
  • Risk assessment methodology
  • Risk approaches
  • Threat Profiling
  • Threat Modeling
  • Calculating risk
  • Authentication vs. Authorization
  • Data classification
  • Vulnerabilities
  • Defense in depth
  • Computer security policies
  • Policies, Procedures and Working Guidelines
  • Workshop Exercise on Risk Assessment and Risk Management
Information Security Compliance
  • Importance of Risk Management for Compliance
  • Linking the Risk Treatment Plan to the Compliance Framework
  • Compliance Standards around the world – An Overview
  • The ISO-27001:2005 Standard and Implementation Framework
  • Success Factors – ISO-27001
  • Management Commitment to Security
  • Measurement of Effectiveness of Controls
  • Information Security Policies and Procedures
  • Security Management – Organization Structure
Incident Response and Incident Management
  • Designing a Comprehensive and Proactive Incident Management Framework
  • Identifying Incidents
  • Performing Root Cause Analysis
  • Incident Response and Closure
  • Learnings from Incidents and Corrective Action
  • Workshop Exercises
Business Continuity and Disaster Recovery
  • Policies and Procedures – Information Security
  • Roles and responsibilities
  • Contingency and Business continuity planning
  • Legal and regulatory requirements
  • Disaster recovery strategy and plan
  • Business impact analysis
  • Incident Reporting and Handling