CIS Risk Management and Strategic Planning
Course Description
This course first focuses on a) the need for control and protection of organizational data, b) the need for reliability in information systems (fault tolerance considerations), c) the identification of potential impacts present in the risks to information assets, and d) the development of contingency plans and the role fulfilled by the implementation of security measures. Second, this course provides the knowledge and skills to develop effective short, intermediate, and long-range strategic information systems plans, which include risk management considerations. This includes a) the need for and responsibilities of an Information Management Steering Committee; b) the relationship of information systems planning to overall organizational goals; c) assessment of the organization's current state; determination of information technology, project, and management requirements; and d) the means of prioritizing and selecting systems projects.
Topics and Objectives
The Role of Disaster Recovery and Business Resumption Planning in the Organization
- Define the roles of security and business resumption planning in the organizational environment.
- Identify common goals, benefits, and advantages of integrating the security and disaster recovery functions in a business environment.
- Describe the activities associated with managing, administering and controlling the security program within an enterprise or business environment.
Security (Facilities and Computer Information Systems) and Risk and Impact Analysis
- Examine the techniques for risk assessment in an organization, and the costs and benefits associated with this assessment.
- Identify and examine the different types of security exposures that must be addressed and overcome.
- Identify and describe the methods for determining levels of criticality in systems and the approach for developing a recovery strategy.
Fault Tolerance (System Dependability and Continuous Processing) and Disaster Recovery Plan
- Define the considerations and general design features that are necessary to enable a network, a computer application, and a distributed processing system to continue functioning.
- Define/examine the different types of fault tolerance and identify fault tolerance design alternatives.
- Identify and use the tools, staffing, strategy methods, and planning procedures necessary to design and implement a practical disaster recovery or business resumption plan.
The Role of Information Systems Business Planning in the Organization and Current Status Assessment
- Identify the key issues impacting the use of information technology within the organization.
- Analyze the effects of environmental challenges on the organization's business and how information technology plays a role in meeting these challenges.
- Examine the role of information technology in helping the organization gain strategic advantage or attain a state of strategic maintenance.
- Define the components of the Current Status Assessment and the role that it plays in the development of the information technology plans.
- Review the means of establishing an information technology plan through fostering an attitude of change or active maintenance and strategic and measurable change.
Information Technology Project Planning and Prioritization
- Analyze the organization's business goals and objectives and their implications with respect to the application of information technology within the organization.
- Identify the reasons for providing management with a current, accurate inventory and an assessment of the hardware, software, systems, human resources, and support environment within an organization.
- Identify the issues and apply the techniques associated with developing an unbiased and constructive organizational assessment of the information technology management function within an organization.
- Define a project portfolio and examine various methods for prioritizing projects within that portfolio.
Information Technology Vision for the Organization, Information Technology Plan, and Business Resumption Plan
- Define the parameters inherent in developing an organizational information technology vision.
- Examine the components of the future information technology environment within the organization.
- Review the means of establishing an information technology plan through implementation of cost-effective change, and through organizational and educational change support.
- Identify the operational, organizational, and political requirements for implementing the model of a future technology environment.
- Construct and defend a Strategic IT/Business Resumption Plan and provide an oral presentation of the same.
