Module 1: Risk Management
Learning Outcomes:
- Learn the relationship in IT security between risk, threat, vulnerability, impact, asset, exposure and safeguard.
- Discuss the quantitative approach to conducting risk analysis.
- Discuss and compute ALE, SLE, TCO and ROI.
- Discuss ways of creating a risk matrix when doing assessments.
- Discuss the application of qualitative risk management when developing SLA, KPIs and metrics.
- Discuss and demonstrate how to create a business case and how to defend it before the Execom/Mancom for approval.
- Discuss persuasion techniques for getting the business case approved.
Reference Materials:
Supplementary Articles:
- Performing a Security Risk Assessment
- How to Perform a Cyber Security Risk Assessment
- Cybersecurity Risk Assessment
- 7 steps to a successful ISO 27001 risk assessment
Video Lessons:
Case Assignments:
- Australian tech unicorn Canva suffers security breach
- 620 million accounts stolen from 16 hacked websites now for sale on dark web, seller boasts
- Target Hacked: Retailer Confirms ‘Unauthorized Access’ Of Credit Card Data
Assessment:
- Recitation
- Case Analysis