; IT Risk Management & Leadership 14 - 17 April 2013 Dubai
Documents
Resources
Learning Center
Upload
Plans & pricing Sign in
Sign Out
Your Federal Quarterly Tax Payments are due April 15th Get Help Now >>

IT Risk Management & Leadership 14 - 17 April 2013 Dubai

VIEWS: 13 PAGES: 4

WHY IS THIS IT RISK ASSESSMENT WORKSHOP IMPORTANT? Are you effectively securing your organization’s IT systems that store, process, or transmit organizational information? Is your IT risk management plan tailored to the specific risk profile of your business and being coordinated across all functional and business units? With the release of IT Governance frameworks, requirements for risk management and new international standards entering the market, the pressure is mounting to ensure that all your IT risks are identified and the necessary action is taken – be this to mitigate them, accept or ignore them. So, how safe is your IT system? What are the risks that your organization is being exposed to? The solution to this challenge is to establish an effective risk management process that protects the organization, not just its IT assets, and provides it with the ability to perform its mission. Risk management is the process of identifying and assessing risk and taking preventive measures to reduce it to an acceptable level. It is critical that you develop an effective risk management program that assesses and mitigates risks within your IT systems and better manages these IT-related mission risks. BENEFITS OF ATTENDING THIS WORKSHOP Identify common IT project risks Learn how to assess threats and vulnerabilities to create a risk response strategy Understand what qualifies as risk with IT projects Understand the most common IT risk sources Qualify and quantify IT risks Learn the difference between negative and positive IT risks Develop an IT risk management plan Plan risk response methods for IT risks Create risk mitigation and contingency plans Monitor and control project risks Overcome resistance from stakeholders and team members Contact Kris at kris@360bsi.com to register.

More Info
  • pg 1
									                                                   INFORMATION
                                                   TECHNOLOGY
                                                   RISK
                                                   MANAGEMENT &
                                                   LEADERSHIP


                                                   14 - 17 APRIL 2013
                                                   RADISSON BLU
IT                                                 DUBAI DEIRA CREEK
SERIES                                             UNITED ARAB EMIRATES


  COURSE OVERVIEW                                                                                           YOUR INTERNATIONAL
  Are you effectively securing your organization’s IT systems that store, process, or
  transmit organizational information?
                                                                                                            COURSE FACILITATOR
  Is your IT risk management plan tailored to the specific risk profile of your business and
  being coordinated across all functional and business units?                                                                 Dr Mark T. Edmead
                                                                                                                              MBA, CISSP, CISA, CompTIA Security+
  With the release IT Governance frameworks, requirements for risk management
  and new international standards entering the market, the pressure is mounting                                               IT Security
  to ensure that all your IT risks are identified and the necessary action is taken – be                                      Consultant & Trainer
  this to mitigate them, accept or ignore them. So, how safe is your IT system? What                                          MTE Advisors
  are the risks that your organization is being exposed to?
                                                                                                           Mark T. Edmead is a successful technology entrepreneur
  The solution to this challenge is to establish an effective risk management                              with over 28 years of practical experience in computer
  process that protects the organization, not just its IT assets, and provides it with                     systems architecture, information security, and project
  the ability to perform its mission.                                                                      management.
                                                                                                           Mark excels in managing the tight-deadlines and ever
  Risk management is the process of identifying and assessing risk and taking                              changing tasks related to mission-critical project
  preventive measures to reduce it to an acceptable level. It is critical that you                         schedules. He has extensive knowledge in IT security, IT
  develop an effective risk management program that assesses and mitigates risks                           and application audits, Internal Audit, IT governance,
  within your IT systems and better manages these IT-related mission risks.                                including Sarbanes-Oxley, FDIC/FFIEC, and GLBA
                                                                                                           compliance auditing.
                                                                                                           Mr. Edmead understands all aspects of information
                                                                                                           security and protection including access controls,
                                                                                                           cryptography, security management practices, network
  BENEFITS OF ATTENDING                                                                                    and Internet security, computer security law and
                                                                                                           investigations, and physical security.
      Using a carefully selected case study, course participants will:
                                                                                                           He has trained Fortune 500 and Fortune 1000 companies
      • Identify common IT project risks                                                                   in the areas of information, system, and Internet security.
      • Learn how to assess threats and vulnerabilities to create a risk response strategy                 He has worked with many international firms, and has the
                                                                                                           unique ability to explain very technical concepts in
      • Understand what qualifies as risk with IT projects & the most common IT risk sources               simple-to-understand terms. Mr. Edmead is a sought after
      • Qualify and quantify IT risks                                                                      author and lecturer for information security and
                                                                                                           information technology topics.
      • Learn the difference between negative and positive IT risks
                                                                                                           Mark works as an information security and regulatory
      • Develop an IT risk management plan                                                                 compliance consultant. He has:
      • Plan risk response methods for IT risks                                                            • Conducted internal IT audits in the areas of critical
      • Create risk mitigation and contingency plans                                                       infrastructure/ systems and applications,
      • Monitor and control project risks                                                                  • Assessed and tested internal controls of critical
      • Overcome resistance from stakeholders and team members                                             infrastructure platform systems (Windows, UNIX, IIS, SQL,
                                                                                                           Oracle)
                                                                                                           • Assessed and tested internal controls of various critical
                                                                                                           financial applications.
                                                                                                           • Prepared risk assessments and determined risks to
           :
  EXCLUSIVE:                  COURSE QUESTIONNAIRE & TAKEAWAYS                                             c
                                                                                                           critical financial data systems and infrastructure
                                                                                                           c
                                                                                                           components.
  1. An extensive IT Security Architecture Questionnaire that will help you
     An extensive Security Architecture Questionnaire that will help
         extensive Security Architecture Questionnaire that
                       c                                           help                                    • Created test plans & processes and executed test plans.
                    organization’s
     evaluate your organizati ’ security position.
                         i tii          it    iti
  2. FREE CoBIT 4.0 IT Governance Assessment Evaluation Spreadsheet                                        • Conducted reviews of existing systems and
                                                                                                           a
                                                                                                           applications, ensuring appropriate security, management
  3. Take with you templates and worksheets to aid you in applying and putting                             a
                                                                                                           and data integrity via control processes.
     into practice what you have learned from this workshop.
  4. FREE copy of course material, case studies, and other related items of the                            • Prepared written reports to all levels of management
     training workshop                                                                                     • Participated in audit review panel sessions to address
                                                                                                           r
                                                                                                           results, conclusions and follow-up actions required.

  ©   360 BSI (M) Sdn Bhd (833835-X), Level 8 Pavilion KL, 168 Jal Bukit Bin g, 55100 Kuala Lump , Malaysia
          BSI (M)     Bhd (833835-X) L l Pavilion KL, 168 Jalan Bukit Bintang,
                          (833835 X)          Pavilion                                      Lumpur, Malaysia.
                                                                                      Kuala Lumpur Mala                                                              1
    COURSE
    CONTENT
DAY1 IT RISK MANAGEMENT
     LEADERSHIP WORKSHOP                                                          WHY THIS EVENT
    IT Risk Management Leadership Workshop is a special one-day course            The aim of this interactive workshop is to provide
    designed to teach information security professionals how to become an         you with the skills critical to IT Risk Management.
    effective information security manager. In addition, you will learn tips
    and techniques that will increase your competence and confidence when         After attending this workshop, you will leave
    influencing information security in your organization.                        fully armed with the knowledge needed
                                                                                  effectively secure your organization’s IT systems
    Implementing IT Risk Management in an organization is a major effort.         & infrastructure. You will be able to establish an
    This requires coordination with all departments. It requires interfacing      effective risk management program to assess
    with individuals at all levels from technicians and programmers to
                                                                                  and mitigate risk, and protect your IT assets.
    managers, directors, and C-level executives.
                                                                                  The combination of interactive presentations,
    In this workshop you will learn how perform a stakeholder analysis,           hands-on exercises and open discussion groups
    outline the stakeholders required to accomplish your job, and how to          along with real case studies, ensures you will
    effectively navigate the possible roadblocks preventing you from              obtain maximum value from attending.
    accomplishing your tasks. In addition, you will learn tips and techniques
    that will increase your competence and confidence when influencing
    and implementing information technology in your organization.

    Managing the IT Risk Management Process
    - Creating an IT Risk Management framework
    - Determining your critical success factors (CSF)
    - Determining your key performance indicators (KPI)
    - Challenges in managing the process

    Understanding your Corporate Culture
    - Understanding your organization’s trends, strategy and environment
    - Tips, tricks, and trouble spots
    - Developing a business continuity management culture
    - Exercising, maintenance, and audit

    Understanding your Stakeholders
    - How to identify your key stakeholders
    - Performing a stakeholder analysis
    - Creating a stakeholder engagement communication plan
    - Getting stakeholder engagement and support




DAY2 UNDERSTANDING THE NEED FOR
     IT RISK MANAGEMENT                                                           WHO SHOULD ATTEND
    In this section we will discuss why is it important to consider information     Vice Presidents, Directors, General Managers
    technology risks and the impact if an assessment is not performed.              Chief Information Officers
                                                                                    Chief Information Security Officers
    - Use of IT risk management in an organization
    - The importance of IT risk management                                          Chief Technology Officers
    - IT risk management and ownership                                              IT Risk Managers
    - What is risk assessment?                                                      IT Security Managers
                                                                                    Compliance Officers
    Establishing the context of risk in your business                               Program and Project Managers
    - Why your organization needs IT risk management                                IT Project Managers
    - Consequences for inadequate or no IT risk management activities               IT Operation Managers
    - The benefits of implementing IT risk management




                                                                                                                                   2
    COURSE
    CONTENT
DAY3 UNDERSTANDING IT SECURITY
     FRAMEWORKS AND STANDARDS                                                        Latest TESTIMONIALS
    An understanding of the various information technology frameworks
    and standards, and the basics of information security is necessary to            1                 organized.               very
                                                                                         “Session well organized The trainer is ver
    better understand how to assess the risks associated with the security               conversant with the subject matter. Well delivered
    implementation.                                                                      and would definitely recommend to anyone else.”
                                                                                         - Habil Mutende, Manager Information Security & Change
    - ISO 27001                                                                          Management, Central Bank of Kenya
    - COBIT IT Governance Framework
    - NIST SP-800                                                                    2   “Excellent presentation, excellent attitude to
                                                                                         answer our questions & to share his experience.”
    Information security fundamentals                                                    - Senior Manager, IT Department, Deloitte
    - Confidentiality, integrity, and availability
    - Accountability, non-repudiation, identification                                3   “I have used Mark in key roles with high visibility
    - Understanding information assurance                                                clients. Without hesitation I would highly
                                                                                         recommend Mark for any and all IT audit
    Developing an IT risk management strategy                                            engagements. His professionalism, deep
    - How to perform a high-level risk assessment                                        knowledge, and results oriented work style are
    - Understanding your business risk appetite                                          deeply valued by not only myself, but more
    - Establishing your criteria for risk acceptance                                     importantly by the all those who are lucky enough
    - Complying with industry, legal, and/or regulatory requirements                     to use his services.” - Russ Aebig, Director at Artesient

                                                                                     4   “We have used Mark Edmead on several projects in
                                                                                         the past few years including SOX readiness for
                                                                                         publicly traded companies and IT vulnerability
DAY4 UNDERSTANDING THE IMPACT OF                                                         assessments for major financial institutions. He
                                                                                         always delivers professional and detail-oriented
     IT RISK TO YOUR ORGANIZATION                                                        workpapers on-time and within budget. Mark is
                                                                                         highly recommended and we will continue to use
    The risk “appetite” of an organization will vary depending on several                him on other projects.” - Brenda Piazza, Director at CBIZ MHM
    variables. It is critical to understand what is it that you are protecting and
    the impact of a threat in the event it becomes real.
    - How to identify tangible and intangible assets
    - Determining the value of these assets
    - Comparing asset value versus control mitigation costs
    - Conducting a business impact analysis

    Applying risk management controls
    - Finding the right control to manage risk
    - Using best practice frameworks
    - How to manage residual risk

    Implementing an IT risk monitoring process
    - Performing periodic reviews
    - How to reporting IT risk status
    - Creating a risk reporting plan

    The IT Risk Management Document
    - Outline of the IT Risk Management document
    - Keeping your document up-to-date
    - Getting stakeholder support and acceptance
                                                                                     COURSE SCHEDULE
                                                                                     8.00                              Registration & Coffee/Tea
                                                                                     8.30                              Workshop commences
                                                                                     10.10 - 10.30                     Morning coffee/tea
                                                                                     12.00 - 13.00                     Lunch
                                                                                     14.40 - 15.00                     Afternoon coffee/tea
                                                                                     16.00                             End of day




                                                                                                                                                   3
INFORMATION
TECHNOLOGY                                                                                            REGISTRATION FORM
RISK
MANAGEMENT &                                                                                          Fax: +603 9205 7788
LEADERSHIP
                                                                                                      Tel: +603 9205 7772
                                                                                                      Mobile: +6016 3326 360
14 - 17 APRIL 2013
RADISSON BLU
DUBAI DEIRA CREEK                                                                                     Email: kris@360bsi.com
UAE

 DELEGATES                                                                                                IN-HOUSE TRAINING
 1   Name         :                                                                                       360 BSI is passionate about providing strategic IT programs
                                                                                                          and high potential training solutions across the region to build
     Name on tag :                                                                                        personal competencies and organizational capability.
     Job Title :                                                                                          You will receive practical training from a professionally
                                                                                                          qualified educator with over twenty years of teaching and
     Email        :                                                                                       training experience.
     Mobile       :                                                                                       Please feel free to mix-and-match topics from the areas listed
                                                                                                          below to get the right training content for your staff. Other
 2   Name         :                                                                                       topics may be available upon request.
     Name on tag :
                                                                                                          OTHER RELATED PUBLIC COURSES
     Job Title :
                                                                                                                  IT Strategic Planning
     Email        :                                                                                               Service Oriented Architecture (SOA)
                                                                                                                  Business Continuity and Disaster Recovery
     Mobile       :                                                                                               Preparing for the CISSP exam
                                                                                                                  Cybercrime & Fraud Investigation
 3   Name         :
                                                                                                                  IT Change Management
     Name on tag :                                                                                                IT Project Management
     Job Title :
                                                                                                      Hotel Contact Details:
     Email        :                                                                                   For Room Reservation, contact for 360BSI corporate rates.
                                                                                                      Telephone: 00971 4 2057105 Fax: 00971 4 2234698
     Mobile       :                                                                                   E-mail: reservations.dxbza@radissonblu.com
                                                                                                      Radisson BLU Hotel, Dubai Deira Creek
     AUTHORIZATION                                                                                    Baniyas Road, P.O. Box 476, Dubai, UAE
     (This form is invalid without a signature)                                                       General Information:
     Name             :                                                                               1    Closing date for registration is 7th April 2013.
                                                                                                      2    The fees cover lunch, tea breaks, materials and certificate.
     Job Title        :                                                                               3    Official confirmation will be sent, once registration has
     Email            :                                                                                    been received.
                                                                                                      4    Participants will need to arrange their own accommodation.
                                                                                                      5    Attire: Smart Casual
     Tel :            (      )
                                                                                                      Cancellations/Substitutions
     Organization :
                                                                                                      Substitutions are welcome at any time. Please notify us at
     Address :                                                                                        least 2 working days prior to the event. All cancellations will
                                                                                                      carry a 10% cancellation fee, once a registration form is
                                                                                                      received. All cancellations must be in writing by fax or email
                                                                                                      at least 2 weeks before the event date. Cancellations with
                                                                                                      less than 2 weeks prior to the event date carry a 100% liability.
                                                                                                      However, course materials will still be couriered to you.
     Signature :                                              Date:              /         /
                                                                                                      Thank you for your registration!
 FEES                                                                                                 PAYMENT DETAILS
                                                                                                      Payment is required within 5 days upon receipt of
      USD 2,995 per delegate                                                                          the invoice.

      USD 2,795 per delegate - register before 24-FEB-2013                                            Bank transfer:

      USD 8,085 - Special for Group of 3                                                              360 BSI (M) Sdn Bhd
 The fee does not include any taxes (withholding or otherwise). In case of any taxes applicable
                                                                                                      HSBC Bank Malaysia Berhad
 the client has to ensure that the taxes are paid on top of the investment fee paid for the course.   Bukit Bintang Branch, Kuala Lumpur, Malaysia
 Compliance with the local tax laws is the responsibility of the client.
                                                                                                      Account No: 203-371059-725
                                                                                                      Swift No: HBMBMYKL
 * Save up to 50% for In-house Training program
                                                                                                      All payments must be received prior to the event date

 ©      360 BSI (M) Sdn Bhd (833835-X), Level 8 Pavilion KL, 168 Jalan Bukit Bintang, 55100 Kuala Lumpur, Malaysia.               www.360bsi.com/IT                        4

								
To top