Information Security Courses
 
 
 
Certification program: "The Certificate in Enterprise Information Security Management"
Course: Practice Set for Risk Analysis and Business Continuity Planning
      
      
Description: this course is the 2-day practical component of the "Information Risk Management" and "Business Continuity Planning" courses. Over two days, under the guidance of Ken Jaworski, you will learn to apply models for risk analysis, gap analysis, and various forms of business impact analysis (BIA).
Intended for: information systems auditors, audit managers, disaster recovery planners; external auditors; quality assurance staff; data protection specialists, IS security administrators, information security managers; systems programmers and systems analysts.
Prerequisite level: intermediate. You should have taken the "Information Risk Management" and "Business Continuity Planning" courses, or have equivalent experience.
Duration: 2 days, 16 hours (1 day, 8 hours as part of the intensive program).
Course materials: the training center's course materials.
         
Course Program
Risk Analysis - Investigation
  - How Scope Statements are established for the Risk Analysis session
 
  - Potential fields (some mandatory) will be reviewed and a time-tested selection process used
 
  - Methods for prioritizing both assets and threats and vulnerabilities will be selected
 
  - Investigation section of the risk analysis (with a facilitator and scribe selection)
 
  - Not only will the model be implemented, but checkpoints will be conducted to determine attendees' understanding and ability to modify it
 
 
Risk Analysis – Follow-Up
  - Potential fields will be reviewed and a time-tested selection process used
 
  - Responsibility to answer to all potential countermeasures offered by the Subject Matter Experts during the investigation section
 
  - Process to document changes to the action report
 
  - Method for control prioritization
 
  - Using the Risk Analysis to ensure the most critical controls are implemented
 
 
Risk Analysis – General
  - Building a list of Common Findings
 
  - Building a Control List
 
  - Central Control of many Risk Analysis sessions
 
 
Gap Analysis – Implementation
  - Use of model variations
 
  - How the tools can be used to identify the most critical weaknesses
 
  - Prioritization of spending security dollars
 
 
Business Impact Analysis (BIA) – Production Applications
  - How the BIA model is built (+ list of potential impact categories)
 
  - Using a selection of impact categories, the attendees will develop an impact scorecard and determine how the categories will be weighted
 
  - Attendees will implement the model on various application types. Identification will include:
 
  
    - Critical business function
 
    - Peak activity periods
 
    - Longest tolerable outages
 
    - Impact to the organization when longest tolerable outages have been exceeded
 
   
  - Attendees will see how a total impact score is calculated
 
  - Attendees will assist in the creation of a prioritized applications list to be used in the Data Center Disaster Recovery Plan.
 
  - For a quick start – a look at an application BIA Light Process
 
 
Business Impact Analysis – Business Unit Functions
  - How the two different models of a Business Unit BIA can be built
 
  - Business Unit BIA will be implemented for a couple of different business units.
 
  - Attendees will see how business functions are prioritized
 
  - Attendees will assist in the creation of a prioritized business function list for input into the Workspace Recovery Plan
 
 