Курс Практический курс по Анализу Рисков и Планированию Непрерывности Бизнеса

Код: NEW

Продолжительность курса

16 Академических часов

Стоимость курса

66 216 руб
Заказать

Аудитория

  • для аудиторов информационных систем, менеджеров по аудиту, планировщиков восстановления после чрезвычайных ситуаций; внешних аудиторов; сотрудников служб поддержки качества; специалистов по защите данных, администраторов безопасности ИС, менеджеров по информационной безопасности; системных программистов и системных аналитиков.

От слушателя требуется

  • Вы должны прослушать курсы “Information Risk Management” и “Business Continuity Planning”, или иметь соответствующий опыт.

Содержание курса

Risk Analysis - Investigation

  • How Scope Statements are established for the Risk Analysis session
  • Potential fields (some mandatory) will be reviewed and a time tested selection process used
  • Methods for the prioritization process both assets and threats and vulnerabilities will be selected
  • Investigation section of the risk analysis (with a facilitator and scribe selection)
  • Not only will the model be implemented but checkpoints will be conducted to determine attendees understanding and ability to modify

Risk Analysis – Follow-Up

  • Potential fields will be reviewed and a time tested selection process used
  • Responsibility to answer to all potential countermeasures offered by the Subject Matter Experts during the investigation section
  • Process to document changes to the action report
  • Method for control prioritization
  • Using the Risk Analysis to insure most critical controls are implemented

Risk Analysis – General

  • Building a list of Common Findings
  • Building a Control List
  • Central Control of many Risk Analysis sessions

Gap Analysis – Implementation

  • Use of model variations
  • How the tools can be used to identify most critical weaknesses
  • Prioritization of spending security dollars

Business Impact Analysis (BIA) – Production Applications

  • How the BIA model is built (+ list of potential impact categories)
  • Using a selection of impact categories the attendees will develop an impact scorecard and determine how the categories will be weighted
  • Attendees will implement the model on various application types. Identification will include
    • Critical business function
    • Peak activity periods
    • Longest tolerable outages
    • Impact to the organization when longest tolerable outages have been exceeded
  • Attendee will see how a total impact score is calculated
  • Attendees will assist in the creation of a prioritized applications list to be used in the Data Center Disaster Recovery Plan.
  • For a quick start – a look at an application BIA Light Process

Business Impact Analysis – Business Unit Functions

  • How the two different models of how a Business Unit BIA can be built
  • Business Unit BIA will be implemented for a couple of different business units.
  • Attendee will see how a business functions are prioritized
  • Attendees will assist in the creation of a prioritized business function list for input into the Workspace Recovery Plan