Information Security Risk Management

16-09-2024 - 20-09-2024 3800 Dubai

Course Introduction:

 

The last decade’s rapid acceleration of network technology and the unparalleled growth of the Internet have led to increased risks to information and systems. Continuous advancements in technology and the relative ease with which people are able to access, manipulate, and store information have further compounded such risks, especially with organizations and society heavily dependent on information and systems for survival.

This course explores the world of technology and information security from a risk management perspective. Through an understanding of history and the examination of trends in today’s technology landscape, the course investigates the sources of risk and its business implications.

 

Course Objectives:

 

 

By the end of this course, students should be able to:

  • Defend the need for security risk-based management based on an understanding of opportunity costs, within the confines of regulation and client expectations.
  • Identify and develop awareness of risk sources involving people, processes, information, and technology.
  • Defend enterprises through an understanding of the anatomy of attacks and the building of sustainable defense-in-depth (DiD) strategies to mitigate current and emerging attacks.
  • Review and develop an on-going and sustained approach to security risk-management throughout the enterprise.

 

Who Should Attend?

 

  • IT Director/IT Manager
  • Information security Core Team or anyone with responsibility for, or with an interest in.

 

Course Outline:

 

Overview of Risk Management, Security, and Governance:

  • Overview of risk management and its life cycle
  • Business implications of security management, including risk and opportunity management (costs and benefits)
  • Understanding and reviewing risk management frameworks, standards, and practices

 

  • Essentials of risk governance and legislation
  • Roles and responsibilities for security risk management
  • Articulating clear goals for enterprise risk management

 

Identifying Sources of Risk:

  • Understanding residual risks as well as threats, vulnerabilities, and organizational assets
  • Knowledge of different types of security threats and attacks
  • Physical versus logical security
  • Network, database, and application level security

 

  • Understanding security risks in enterprise processes and employees
  • Emerging sources of risk: outsourcing, cloud, critical infrastructure, and cyber security
  • Technology projects, the SDLC and security risk planning

 

Dealing with Security Risks:

  • Anatomy of security threats and attack modeling
  • Security and the risk management life cycle
  • Quantitative vs. qualitative risk methodologies
  • Technical and non-technical risk management (security policies, standards, guidelines, and governance)

 

  • Mitigation strategies and developing response plans (IRP, DRP, and BCP)
  • Technology projects, the SDLC, and security risk design and management
  • Developing Security-in-Depth

 

Ongoing Management of a Secure Enterprise:

  • Review of your risk and security management program
  • Review of security policies, standards, guidelines, and procedures
  • Review of security and enterprise governance frameworks

 

  • Documentation of lessons learned
  • Security awareness, training, and education

 

 

Course Certificate:

 

International Center for Training & Development (ICTD) will award an internationally recognized certificate(s) for each delegate on completion of training.

 

Course Methodology:

 

A variety of methodologies will be used during the course, including:

  • (30%) Based on Case Studies
  • (30%) Techniques 
  • (30%) Role Play
  • (10%) Concepts
  • Pre-test and Post-test
  • Variety of Learning Methods
  • Lectures
  • Case Studies and Self Questionnaires
  • Group Work
  • Discussion
  • Presentation

 

Course Fees:

 

To be advised as per course location. This rate includes the participant’s manual, handouts, buffet lunch, and coffee/tea on arrival and in the morning and afternoon of each day.

 

Course Timings:

 

Daily Course Timings:

    08:00 - 08:20       Morning Coffee / Tea

    08:20 - 10:00       First Session

    10:00 - 10:20       Coffee / Tea / Snacks

    10:20 - 12:20       Second Session

    12:20 - 13:30       Lunch Break & Prayer Break

    13:30 - 15:00       Last Session

 
