Training course information security risk management and business continuity planning
Course data sheet
Why HPE Education Services?
• IDC MarketScape leader 4 years running for IT education and training*
• Recognized by IDC for leading with global coverage, unmatched technical expertise, and targeted education consulting services*
• Key partnerships with industry leaders OpenStack®, VMware®, Linux®, Microsoft®, ITIL, PMI, CSA, and (ISC)²
• Complete continuum of training delivery options—self-paced eLearning, custom education consulting, traditional classroom, video on-demand instruction, live virtual instructor-led with hands-on lab, dedicated onsite training
• Simplified purchase option with HPE Training Credits
HPE course number HL947S
Course length 3 days
Delivery modes ILT, VILT
*Realize Technology Value with Training, IDC Infographic 2037, Sponsored by HPE, January 2016
Information Security Risk Management and Business Continuity Planning HL947S
As we’ve learned, Information Security is ultimately about protecting the assets most crucial to your business through preserving the Confidentiality, Integrity, and Availability of your information. In this 3-day course, IT professionals and security officers learn to assess and manage risk in their organization and plan for the unexpected.
Audience
• New System or Network Administrators who want to understand how to determine and manage risk, including an appropriate business continuity strategy
• IT Professionals who need an overview of risk management and BCP/DR concepts and techniques
• Individuals working towards (or considering) an information security or risk management-focused certification
• Professionals who want to know more about risk management because it’s important for their job as a security practitioner
• Professionals who want to know more about business continuity strategies because everybody needs to be ready for the unexpected
Prerequisites
• HPE Security Essentials (HL945S) or equivalent knowledge
Course description
Risk management includes recognizing the assets key to your business success, documenting known threats and their likelihood, calculating the impact of a potential breach, and implementing specific controls to avoid breaches or minimize the impact if any occur. Further, for those assets, you identify processes to recover from a breach, and explicitly recognize the remaining risk that you choose to accept.
Business continuity and disaster recovery planning extends this by responding when the unexpected happens and preparing to continue conducting business as usual as quickly as possible, with as little impact on day-to-day operations as possible. When disaster strikes, how much will it affect your company? Your reputation? Your customers?
In this course, you learn to identify and evaluate risk to your highest priority assets, and also how to design, implement, and maintain effective risk treatment controls. This course is also helpful for those working toward industry certifications like CRISC, ABCP, CFCP, CBCI, Security+ or others.
Course objectives
Students attending this course will:
• Describe the generalized risk management lifecycle as a starting point in organizational discussions and how processes fit together
  • Identify models/frameworks related to Risk Management and Business Continuity Planning/Disaster Recovery Planning
  • Paraphrase the process for business impact analysis interviews and calculating values
  • Paraphrase the process for assessing and analyzing risk scenarios quantitatively and qualitatively
  • Outline the contents expected in a Risk Treatment Plan and BCP/DRP documents
  • Participate in risk management implementation audit
• Describe the role of governance in managing risk and compliance
  • Describe management support and identify team responsibilities. Create and configure virtual machines in Azure
  • Scope the current situation in terms of documents to gather and questions to ask
• Describe the management requirements to implement risk and resiliency strategy
  • Recognize the scope of potential risk response and BCP/DRP strategies appropriate to level of risk
  • Categorize investment requirements
• Discuss requirements and proposals with a security professional
• Begin to prepare for various security-related certification exams or a security lead position
Detailed course outline
Module 1: Mapping risk management and continuity planning to your business
• Describe risk management
• Discuss the relationship between security, business continuity management and risk management
• Define risk terms
• Describe the risk equation
• Define the key words relating to BCP/DRP
• Position resiliency in your management strategy
• Describe the types of response strategies
• Describe the role of governance in managing risk and compliance
Module 2: Making the case for risk management and business continuity planning
• Discuss the importance of risk management and the need for BCP/DRP in any environment
• List business considerations and drivers for risk management and business continuity planning
• Determine which drivers apply to your environment
Module 3: Managing risk as a process
• Describe the purpose of frameworks, reference models, standards
• List possible risk management models or frameworks as your guide
• Compare BCP/DRP frameworks for your environment
• Describe the lifecycle of risk management
• Distinguish between risk assessment, risk analysis, and business impact analysis
• Promote the ongoing need for training and plan updates
• Define the activities involved in managing risk
• List responsibilities and potential members for a risk management team
• Define the activities involved in developing and maintaining a BCP/DRP
• List responsibilities and potential members for a BCP team
• Describe elements of a proposal for board approval
• Identify stakeholders and their concerns
Module 4: Analyzing business impact: where to focus
• List detailed steps to conduct a business impact analysis project
• Describe steps to conduct interviews to gather data
• Describe how to increase success with BIA interviewing
• Define analytical terms for business impact and recovery requirements
• Explain the process to calculate and document recovery requirements for your critical business functions
Module 5: Assessing risk: what threats and vulnerabilities exist
• List the requirements of a risk assessment team
• Describe how to select assessment targets based on BIA
• Outline the steps in a risk assessment project
• Define the scope of an assessment
• Identify what goes into a plan for examination activities (interviews and vulnerability scanning)
• Compare data gathering methods
• Compare risk assessment methods and tools
• List expectations for documenting assessment results
• List steps to mitigate risks of being a risk assessor
Module 6: Analyzing risks: how much it's worth
• Compare quantitative and qualitative risk analysis
• Describe methods to calculate quantitative risk
• Define probability classes
Module 7: Documenting risk treatment plans: how to protect assets
• Define risk management strategies
• Describe how to select risk treatment plans (physical, technical, social) appropriate to analysis results
• Describe the importance of documenting a policy to review risk management needs
© Copyright 2015–2016 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
c04568274, August 2016, Rev. 3
Module 8: Planning for resiliency: how to continue your business
• List the sections of a Business Continuity Plan document
• Describe the BCP’s underlying plans
• List other BC-related plans and their contents
• Position the Disaster Recovery Plan with respect to the BCP
• List key elements for a Disaster Recovery plan
• Compare Disaster Recovery strategies for your company
• Compare levels of redundancy and retention
• Identify roles and responsibilities for recovery teams
• Optimize distribution and utility of documents
Module 9: Implement risk treatment plan
• Integrate the project requirements across risk, BCP, and DRP plans
• Follow project management best practices to implement plans for risk treatment across the organization
• Describe the steps to take during a security incident
• List the elements of a security incident report
• Identify what constitutes an incident
• Describe the process to collect evidence related to an incident
Module 10: Failing back
• Discuss what happens when you’re ready to go back
• Evaluate the opportunity to upgrade business effectiveness and/or resiliency
• Describe the steps
Module 11: Auditing risk management implementation and testing BCP procedures
• Differentiate between an audit and an assessment
• Define the characteristics of an audit
• Describe when an audit may be applicable
• Predict evidence requested during an audit process
• Compare risk management audit, compliance audit, and BCP testing
• Describe the levels of testing for BCP/DRP plans
Module 12: Summary and case study
• Test your knowledge
• Given sufficient detail, design an appropriate risk strategy
Module 13: Business continuity planning—Next steps
• Ask the right questions to determine where your company currently stands
• Champion the need for Business Continuity Planning with your management
• Determine how much help you need and get it
Appendix
Appendix A: Vulnerability scanning tools
Appendix B: Selecting technical controls
Learn more at hpe.com/ww/learnsecurity