fbpx

IT RISK MANAGEMENT

Training Syllabus:
IT RISK MANAGEMENT
based on
Various Frameworks, Standards, and Models:
BASEL II, ISO 20000, ITIL, COSO, COBIT, ISO 27001, BS 25999 ,NIST’s SP-800-30 OCTAVE™, ISO 27005

TRAINING DESCRIPTION:
The IT risk management is the application of risk management to Information technology context in order to manage IT risk, i.e.:
The business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise.
IT risk management can be considered a component of a wider Enterprise risk management system.
Risk management is the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.
This training is built around globally accepted standards such as ISO 31000:2009 and frameworks such as ISACA’s Risk IT, and NIST and OCTAVE guidelines for risk management.

TRAINING OBJECTIVES:
 Identify where and how to reduce known/unknown IT risks
 Identify areas of cost-benefit optimization and thus reduce IT expenditure
 Understand the ISO 31000:2009 standard and its applicability to the corporate environment
 Understand risk assessment as addressed in BASEL II, ISO 20000, ISO 27001, ITIL, COSO, COBIT, BS 25999 and its relevance to IT
 Understand the different IT Risk Assessment Standards, Models and Methodologies – NIST’s SP-800-30, and OCTAVE™, ISO 27005
 Insights on practical use of risk assessment and control evaluation techniques

TRAINING MATERIAL OUTLINE:
DAY 1:
1. Background:
 Briefing on Definition of Risk and Risk in context of Information Technology
 Discussion and recording: Known risk scenarios
 IT Risk Management Initiative
 Project Planning Requirements
2. Groundwork:
 General Risk Scenarios
 Understanding Business-specific, industry-specific, region/location-specific scenarios
 Recording the scenarios
3. Management Buy-in
 Degree of business dependence on information technology
 Understanding and recording technology-specific risks
 Tying in general risk scenarios with IT risks
 Techniques of building business case
 Budgeting
4. Project Planning
5. Resource Identification and Allocation
6. Understanding the Concepts and Techniques
 IT Risk Management Cycle
 Technology and business drivers
 Risk Terms – Asset, Threat, Threat Agent, Threat Event, Vulnerability, Countermeasure, Risk, Residual Risk
 Risk Assessment Methodology
 ISO 31000:2009 Overview
7. Exercises, and Discussion
DAY 2:
8. IT Risk Assessment:
 IT Process Selection
 IT Component Selection
 Approach Selection
 Risk Discussion :
 Risks from IT Strategy adopted
 Risks from IT Processes and Plans
 Risks from Networks and Systems
 Risks from Business Applications
 Risks from Internal Application
 Risks from Devices – Security Implementation, Disaster Recovery, Business Continuity
 Risks from Internal and External customers
 Applying ISO 31000 and Risk IT for Risk Assessment
 Challenges and Solutions
 Case Study I
9. Exercises, and Discussion
DAY 3:
10. IT Risk Mitigation :
 IT Risk Mitigation Options
 IT Risk Mitigation Strategy
 Controls’ Identification and Analysis
 Cost Benefit Analysis
 Calculating Residual Risk
 Case Study II
 Applying ISO 31000 and Risk IT for Risk Mitigation
11. Evaluation IT Risk Management Cycle :
 Project Evaluation
 Learning from Selection and Execution techniques
12. Integrating IT Risk Management with various frameworks and standards – BASEL II, ISO 20000, ITIL, COSO, COBIT, ISO 27001, BS 25999 ,NIST’s SP-800-30,, OCTAVE™, ISO 27005
13. IT Risk Management Cycle: A Revision
14. Exercises, and Discussion
DAY 4:
15. Special Project / Case Study “ IT Risk Assessment” (part 1)
DAY 5:
16. Special Project / Case Study “ IT Risk Assessment” (part 2)

VENUE : Jakarta (Maxone Hotel Menteng, Balairung Hotel Matraman, Sentral Hotel, Haris Tebet, Gd Muamalat Institute, Ibis Manggadua, Little Amaroossa Residence, Cosmo Amaroossa, Zodiak MT. Haryono, Grand Tjokro)

TRAINING DURATION : 5 days

TRAINING TIME :

Januari 2024Februari 2024Maret 2024April 2024
2 – 6 Januari 20245 – 9 Februari 20244 – 8 Maret 20241 – 5 April 2024
8 – 12 Januari 202412 – 16 Februari 202412 – 16 Maret 202422 – 26 April 2024
15 – 19 Januari 202419 – 23 Februari 202418 – 22 Maret 202429 April – 3 Mei 2024
22 – 26 Januari 202426 Feb – 1 Maret 202425 – 29 Maret 2024
29 Jan – 2 Feb 2024
Mei 2024Juni 2024Juli 2024Agustus 2024
6 – 10 Mei 20243 – 7 Juni 20241 – 5 Juli 20245 – 9 Agustus 2024
13 – 17 Mei 202410 – 14 Juni 20248 – 12 Juli 202412 – 16 Agustus 2024
20 – 24 Mei 202418 – 22 Juni 202415 – 19 Juli 202419 – 23 Agustus 2024
27 – 31 Mei 202424 – 28 Juni 202422 – 26 Juli 202426 – 30 Agustus 2024
29 Juli – 2 Agus 2024
September 2024Oktober 2024November 2024Desember 2024
2 – 6 September 20241 – 5 Oktober 20244 – 8 November 20242 – 6 Desember 2024
9 – 13 September 20247 – 11 Oktober 202411 – 15 November 20249 – 13 Desember 2024
16 – 20 September 202414 – 18 Oktober 202418 – 22 November 202416 – 20 Desember 2024
23 – 27 September 202421 – 25 Oktober 202425 – 29 November 2024
28 Okt – 1 Nov 2024

INVESTMENT/PERSON :
1. Rp. 9.500.000/person (full fare) or
2. Rp. 9.250.000/person (early bird, payment 1 week before training) or
3. Rp. 8.950.000/person (if there are 3 persons or more from the same company)

FACILITIES FOR PARTICIPANTS:
1. Training Module
2. Flash Disk contains training material
3. Certificate
4. Stationeries: NoteBook and Ballpoint
5. T-Shirt
6. Backpack
7. Training Photo
8. Training room with Full AC facilities and multimedia
9. Lunch and twice coffeebreak every day of training
10. Qualified Instructor