Training Syllabus:
IT RISK MANAGEMENT
based on
Various Frameworks, Standards, and Models:
BASEL II, ISO 20000, ITIL, COSO, COBIT, ISO 27001, BS 25999 ,NIST’s SP-800-30 OCTAVE™, ISO 27005
TRAINING DESCRIPTION:
The IT risk management is the application of risk management to Information technology context in order to manage IT risk, i.e.:
The business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise.
IT risk management can be considered a component of a wider Enterprise risk management system.
Risk management is the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.
This training is built around globally accepted standards such as ISO 31000:2009 and frameworks such as ISACA’s Risk IT, and NIST and OCTAVE guidelines for risk management.
TRAINING OBJECTIVES:
Identify where and how to reduce known/unknown IT risks
Identify areas of cost-benefit optimization and thus reduce IT expenditure
Understand the ISO 31000:2009 standard and its applicability to the corporate environment
Understand risk assessment as addressed in BASEL II, ISO 20000, ISO 27001, ITIL, COSO, COBIT, BS 25999 and its relevance to IT
Understand the different IT Risk Assessment Standards, Models and Methodologies – NIST’s SP-800-30, and OCTAVE™, ISO 27005
Insights on practical use of risk assessment and control evaluation techniques
TRAINING MATERIAL OUTLINE:
DAY 1:
1. Background:
Briefing on Definition of Risk and Risk in context of Information Technology
Discussion and recording: Known risk scenarios
IT Risk Management Initiative
Project Planning Requirements
2. Groundwork:
General Risk Scenarios
Understanding Business-specific, industry-specific, region/location-specific scenarios
Recording the scenarios
3. Management Buy-in
Degree of business dependence on information technology
Understanding and recording technology-specific risks
Tying in general risk scenarios with IT risks
Techniques of building business case
Budgeting
4. Project Planning
5. Resource Identification and Allocation
6. Understanding the Concepts and Techniques
IT Risk Management Cycle
Technology and business drivers
Risk Terms – Asset, Threat, Threat Agent, Threat Event, Vulnerability, Countermeasure, Risk, Residual Risk
Risk Assessment Methodology
ISO 31000:2009 Overview
7. Exercises, and Discussion
DAY 2:
8. IT Risk Assessment:
IT Process Selection
IT Component Selection
Approach Selection
Risk Discussion :
Risks from IT Strategy adopted
Risks from IT Processes and Plans
Risks from Networks and Systems
Risks from Business Applications
Risks from Internal Application
Risks from Devices – Security Implementation, Disaster Recovery, Business Continuity
Risks from Internal and External customers
Applying ISO 31000 and Risk IT for Risk Assessment
Challenges and Solutions
Case Study I
9. Exercises, and Discussion
DAY 3:
10. IT Risk Mitigation :
IT Risk Mitigation Options
IT Risk Mitigation Strategy
Controls’ Identification and Analysis
Cost Benefit Analysis
Calculating Residual Risk
Case Study II
Applying ISO 31000 and Risk IT for Risk Mitigation
11. Evaluation IT Risk Management Cycle :
Project Evaluation
Learning from Selection and Execution techniques
12. Integrating IT Risk Management with various frameworks and standards – BASEL II, ISO 20000, ITIL, COSO, COBIT, ISO 27001, BS 25999 ,NIST’s SP-800-30,, OCTAVE™, ISO 27005
13. IT Risk Management Cycle: A Revision
14. Exercises, and Discussion
DAY 4:
15. Special Project / Case Study “ IT Risk Assessment” (part 1)
DAY 5:
16. Special Project / Case Study “ IT Risk Assessment” (part 2)
VENUE : Jakarta (Maxone Hotel Menteng, Balairung Hotel Matraman, Sentral Hotel, Haris Tebet, Gd Muamalat Institute, Ibis Manggadua, Little Amaroossa Residence, Cosmo Amaroossa, Zodiak MT. Haryono, Grand Tjokro)
TRAINING DURATION : 5 days
TRAINING TIME :
| Januari 2025 | Februari 2025 | Maret 2025 | April 2025 |
| 6 - 10 Januari 2025 | 3 - 7 Februari 2025 | 3 - 7 Maret 2025 | 7 - 11 April 2025 |
| 13 - 17 Januari 2025 | 10 - 14 Februari 2025 | 10 - 14 Maret 2025 | 14 - 18 April 2025 |
| 20 - 24 Januari 2025 | 17 - 21 Februari 2025 | 17 - 21 Maret 2025 | 21 - 25 April 2025 |
| 27 - 31 Januari 2025 | 24 - 28 Februari 2025 | 28 Apr - 3 Mei 2025 | |
| Mei 2025 | Juni 2025 | Juli 2025 | Agustus 2025 |
| 5 - 9 Mei 2025 | 2 - 6 Juni 2025 | 1 - 5 Juli 2025 | 4 - 8 Agustus 2025 |
| 12 - 16 Mei 2025 | 9 - 13 Juni 2025 | 7 - 11 Juli 2025 | 11 - 15 Agustus 2025 |
| 19 - 23 Mei 2025 | 16 - 20 Juni 2025 | 14 - 18 Juli 2025 | 18 - 22 Agustus 2025 |
| 26 - 30 Mei 2025 | 23 - 27 Juni 2025 | 21 - 25 Juli 2025 | 25 - 29 Agustus 2025 |
| 28 Juli - 1 Agus 2025 | |||
| September 2025 | Oktober 2025 | November 2025 | Desember 2025 |
| 1 - 5 September 2025 | 6 - 10 Oktober 2025 | 3 - 7 November 2025 | 1 - 5 Desember 2025 |
| 8 - 12 September 2025 | 13 - 17 Oktober 2025 | 10 - 14 November 2025 | 8 - 12 Desember 2025 |
| 15 - 19 September 2025 | 20 - 24 Oktober 2025 | 17 - 21 November 2025 | 15 - 19 Desember 2025 |
| 22 - 26 September 2025 | 27 - 31 Oktober 2025 | 24 - 28 November 2025 | 22 - 26 Desember 2025 |
| 29 Sep - 3 Okt 2025 |
INVESTMENT/PERSON :
1. Rp. 9.500.000/person (full fare) or
2. Rp. 9.250.000/person (early bird, payment 1 week before training) or
3. Rp. 8.950.000/person (if there are 3 persons or more from the same company)
FACILITIES FOR PARTICIPANTS:
1. Training Module
2. Flash Disk contains training material
3. Certificate
4. Stationeries: NoteBook and Ballpoint
5. T-Shirt
6. Backpack
7. Training Photo
8. Training room with Full AC facilities and multimedia
9. Lunch and twice coffeebreak every day of training
10. Qualified Instructor