CIS Risk Management
Course Description
This course addresses the need to provide for the protection of information assets and the management of risk exposure to those assets. The need to identify and reduce the risks to information assets will be examined. The course focuses on the need for control and protection of organizational data, the need for reliability in information systems (fault tolerance considerations), the identification of potential impacts present in the risks to information assets, the development of contingency plans and the role fulfilled by the implementation of security measures.
Topics and Objectives
Security Roles and Activities
- Define the role of security in business.
- Describe the activities associated with managing, administering and controlling the security program within an enterprise or business environment.
Disaster Recovery and Business Resumption Planning Overview
- Define management considerations, objectives and justification for a disaster recovery or business resumption planning effort in a business environment.
Security Risks
- Identify and examine different types of security breaches that must be addressed and overcome.
- Examine the security considerations associated with a variety of distributed computing environments.
- Examine security exposures present in business environments.
Risk and Impact Analysis
- Examine the techniques for risk assessment in an organization and the costs and benefits associated with this assessment.
- Identify and describe the methods for determining levels of criticality in systems and the approach for developing a recovery strategy.
Security Tools
- Analyze Internet security issues.
- Evaluate security tools.
Disaster Recovery and Business Resumption Planning Approaches
- Identify the approach to and planning requirements associated with the development of disaster recovery and business resumption plans.
Fault Tolerance (System Dependability and Continuous Processing)
- Define the considerations and general design features that are necessary to enable a computer application to continue functioning.
- Identify and examine the different types of fault tolerance.
- Define and examine fault tolerance design alternatives.
Disaster Recovery and Business Resumption Planning - Staffing and Tools
- Evaluate the staffing, strategy and requirements for effective and practical disaster recovery and business resumption planning.
- Identify and use the tools, methods and procedures necessary to design and implement a disaster recovery or business resumption plan.
Disaster Recovery and Business Resumption Planning - Plan Development
- Evaluate the methods of gathering recovery plan data.
- Analyze the plan development process.
- Compile recovery teams' activities.
Security
- Analyze network security considerations.
- Define secure applications.
Disaster Recovery and Business Resumption Planning - Training and Testing
- Develop testing and training requirements.
- Create the plan maintenance and policy.
