
ISACA - Firebrand Training


www.firebrandtraining.co.uk KIT CODE: K-313-01 ISACA CRISC Certification (Certified in Risk and Information Systems Control) Courseware Version 4.1


Transcription of ISACA - Firebrand Training

KIT CODE: K-313-01 ISACA CRISC Certification (Certified in Risk and Information Systems Control) Courseware Version 1
6/7/2017 2017 Firebrand
Firebrand Training Ltd

CRISC Certified in Risk and Information Systems Control
Firebrand Custom Designed Courseware

Logistics
- Start Time
- Breaks
- End Time
- Fire escapes
- Instructor
- Introductions

The Examination
- 150 multiple choice questions
- Four hours to complete
- Computer based
- Various test centers
- Exam window from: May 1 to June 30, Aug 1 to Sept 30, Nov 1 to Dec 31

Job Practice Areas

Introduction to Risk

Risk
- Risk is defined as the probability of an event and its consequence
- Often seen as an adverse event
- Impacts assets
- Exploits vulnerabilities

Governance and Risk Management
- Governance is accountability for the protection of assets of the organisation
- Board of Directors
- Senior Management

Governance in each Department
- Financial accountability
- Operational effectiveness
- Legal and human resources compliance
- Social responsibility
- Governance of IT investment, operations and control

Risk and Governance
- Risk management supports governance
- Management requires accurate information to:
  - Understand risk
  - Consider risk mitigation

Governance of IT
- Directs the current and future use of IT
- Evaluation of IT
- Direction of IT
- Control of IT

Value Creation
- Ensure that IT creates value for the organisation
- Resource optimisation
- Benefits realisation
- Risk optimisation

Four Questions
- Are we doing the right things?
- Are we doing them the right way?
- Are we getting them done well?
- Are we getting the benefits?

Risk Governance
- Establish and maintain a common view of risk
- management into the risk-aware business
- Ensure that risk management controls are implemented and operating correctly

Enterprise Risk Management
- Risk must be managed in a consistent manner across the enterprise
- A risk in one area is a threat to all other areas of the enterprise

Risk Standards
- ISO/IEC 31000
- ISO/IEC 27005
- Information security risk is the potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the organisation

Risk Levels
Affected by:
- Intent and capability of a threat source
- Value of an asset
- Presence of a vulnerability
- Reliance on supply chain or third party
- Financing or debt
- Partners

Forward Thinking
- Risk Management foresees challenges that could affect business objectives
- Lowers the likelihood (chances)
- Lowers the impact
- Maximises opportunities

IT Risk Relevance
First of all it must be remembered that IT risk is a subset of business risk. The impact of an IT incident is primarily measured by its impact on the business, not just by its impact on IT.

Risk Tiers
- Risk must be considered at all levels
- Strategic risk: changes to market
- Tactical risk: changes in business operations
- Operational risk: challenges with IT systems

Context of Risk
Factors that must be considered when evaluating risk:
- Mission of the organisation
- Regulations
- Risk appetite of senior management
- Budget

Other Risk Factors
- Changes in economic conditions
- Changes in market trends
- Emergence of new competition
- Impact of new legislation
- Natural disasters
- Legacy equipment
- Strained labour relations

Risk Management Lifecycle
- IT Risk Identification
- Risk Response and Mitigation
- IT Risk Assessment
- Risk and Control Monitoring and Reporting

Risk Practitioner (Agenda)
The Risk Practitioner may examine areas such as:
- Business continuity
- Project risk
- IT and IS controls
- IS audit
- Information security
- Change management

Business Continuity
- Risk assessment supports business impact analysis (BIA) and the creation of a business continuity plan (BCP)
- BCP is concerned with the preservation of critical business functions in the event of an adverse event (risk)
- The risk practitioner evaluates the effectiveness of the BCP to recover from an incident

IT Risk and IS Audit
- Audit provides assurance to management on the effectiveness of IS controls
- Adequate controls
- Controls commensurate with risk
- Objectivity and skill of audit personnel

IT Risk and Information Security
- Risk-based, cost-effective controls
- Incorrect risk assessment leads to controls that are:
  - Incorrectly designed
  - Poorly implemented
  - Improperly operated
- Controls are justified by risk and should be traceable back to the risk they are designed to mitigate

Control Risk
- Ineffective controls
- Wrong type of control
- Improper operation of control
- Lack of monitoring of control

Project Risk
- Project failure:
  - Over budget
  - Late
  - Failure to meet customer needs
- Results in:
  - Loss of market
  - Failure to seize opportunities
  - Impact on customers, shareholders

Change Risk
Changes may affect risk status:
- Changes in technology
- Patches
- Changes in configuration
- Changes in operational environment
- Manage change

Summary
- Governance
- Enterprise view
- Focus on business not just IT
- Add value

CRISC Certified in Risk and Information Systems Control
Firebrand Custom Designed Courseware

IT Risk Identification

Job Practice Areas

IT Risk Identification Objective
Identify the universe of IT risk to contribute to the execution of the IT risk management strategy in support of business objectives and in alignment with the enterprise risk management (ERM) strategy.

Key Topics
- and review information, including existing documentation, regarding the organisation's internal and external business and IT environments to identify potential or realised impacts of IT risk to the organisation's business objectives and
- Identify potential threats and vulnerabilities to the organisation's people, processes and technology to enable IT risk
- Develop a comprehensive set of IT risk scenarios based on available information to determine the potential impact to business objectives and

Key Topics (continued)
- Identify key stakeholders for IT risk scenarios to help establish
- Establish an IT risk register to help ensure that identified IT risk scenarios are accounted for and incorporated into the enterprise-wide risk
- Identify risk appetite and tolerance defined by senior leadership and key stakeholders to ensure alignment with business
- Collaborate in the development of a risk awareness program, and conduct training to ensure that stakeholders understand risk and to promote a risk-aware culture

Learning Objectives
- Identify relevant frameworks, standards and practices
- Apply risk identification techniques
- Distinguish between threats and vulnerabilities
- Identify relevant stakeholders
- Discuss risk scenario development tools and techniques

Learning Objectives (continued)
- Explain the meaning of key risk management concepts, including risk appetite and risk tolerance
- Describe the key elements of a risk register
- Contribute to the creation of a risk awareness program

Risk Management Lifecycle
- IT Risk Identification
- Risk Response and Mitigation
- IT Risk Assessment
- Risk and Control Monitoring and Reporting

The Methodology of Risk Management
- Structured
- Enterprise-wide
- Consistent
- Continuously improving

Risk Practitioner Responsibilities
- Evaluate the effectiveness of the organisation's current risk management processes
- Based on acceptable and recognised good practices:
  - COBIT 5 for Risk
  - COSO
  - ISO 31000
  - NIST SP800-39
  - ISO 27005

Risk Identification
To identify the risk is to:
- Determine the value of the assets being protected
- Determine the threats to those assets
- Identify the vulnerabilities those assets are subject to
- Document controls currently in place
- Understand the consequences of risk events

Risk Identification Output
A list of incident scenarios with their consequences related to assets and business processes

Indicators of a Good IT Risk Management Program
- Comprehensive
- Complete
- Auditable
- Justifiable
- Legal
- Monitored
- Enforced
- Up-to-date
- Managed

Methods to Identify Risk
- Historical: What has happened previously
- Systematic: Expert opinion; Examine a business process to identify possible points of failure
- Inductive (Theoretical) analysis: New technology or process review to determine points of attack

Business-related IT Risk
- Investment: provide value for money
- Access and Security: loss of sensitive data
- Integrity: risk of inaccurate data
- Relevance: wrong information at wrong time
- Availability: loss of critical systems/data
- Infrastructure: legacy, inflexible
- Project ownership: lack of project support

Risk Register
Document and track all identified risk in one place.

