Overview
As we’ve learned, Information Security is ultimately about protecting the assets most crucial to your business through preserving the Confidentiality, Integrity, and Availability of your information. In this 3-day course, IT professionals and security officers learn to assess and manage risk in their organization and plan for the unexpected
Prerequisites
- HPE Security Essentials (HL945S) or equivalent knowledge
Outline
Module 1: Mapping risk management and continuity planning to your business
• Describe risk management
• Discuss the relationship between security, business continuity management and risk management
• Define risk terms
• Describe the risk equation
• Define the key words relating to BCP/DRP
• Position resiliency in your management strategy
• Describe the types of response strategies
• Describe the role of governance in managing risk and compliance
Module 2: Making the case for risk management and business continuity planning
• Discuss the importance of risk management and the need for BCP/DRP in any environment
• List business considerations and drivers for risk management and business continuity planning
• Determine which drivers apply to your environment
Module 3: Managing risk as a process
• Describe the purpose of frameworks, reference models, standards
• List possible risk management models or frameworks as your guide
• Compare BCP/DRP frameworks for your environment
• Describe the lifecycle of risk management
• Distinguish between risk assessment, risk analysis, and business impact analysis
• Promote the ongoing need for training and plan updates
• Define the activities involved in managing risk
• List responsibilities and potential members for a risk management team
• Define the activities involved in developing and maintaining a BCP/DRP
• List responsibilities and potential members for a BCP team
• Describe elements of a proposal for board approval
• Identify stakeholders and their concerns
Module 4: Analyzing business impact: where to focus
• List detailed steps to conduct a business impact analysis project
• Describe steps to conduct interviews to gather data
• Describe how to increase success with BIA interviewing
• Define analytical terms for business impact and recovery requirements
• Explain the process to calculate and document recovery requirements for your critical business functions
Module 5: Assessing risk: what threats and vulnerabilities exist
• List the requirements of a risk assessment team
• Describe how to select assessment targets based on BIA
• Outline the steps in a risk assessment project
• Define the scope of an assessment
• Identify what goes into a plan for examination activities (interviews and vulnerability scanning)
• Compare data gathering methods
• Compare risk assessment methods and tools
• List expectations for documenting assessment results
• List steps to mitigate risks of being a risk assessor
Module 6: Analyzing risks: how much it's worth
• Compare quantitative and qualitative risk analysis
• Describe methods to calculate quantitative risk
• Define probability classes
Module 7: Documenting risk treatment plans: how to protect assets
• Define risk management strategies
• Describe how to select risk treatment plans (physical, technical, social) appropriate to analysis results
• Describe the importance of documenting a policy to review risk management needs
Module 8: Planning for resiliency: how to continue your business
• List the sections of a Business Continuity Plan document
• Describe the BCP’s underlying plans
• List other BC-related plans and their contents
• Position the Disaster Recovery Plan with respect to the BCP
• List key elements for a Disaster Recovery plan
• Compare Disaster Recovery strategies for your company
• Compare levels of redundancy and retention
• Identify roles and responsibilities for recovery teams
• Optimize distribution and utility of documents
Module 9: Implement risk treatment plan
• Integrate the project requirements across risk, BCP, and DRP plans
• Follow project management best practices to implement plans for risk treatment across the organization
• Describe the steps to take during a security incident
• List the elements of a security incident report
• Identify what constitutes an incident
• Describe the process to collect evidence related to an incident
Module 10: Failing back
• Discuss what happens when you’re ready to go back
• Evaluate the opportunity to upgrade business effectiveness and/or resiliency
• Describe the steps
Module 11: Auditing risk management implementation and testing BCP procedures
• Differentiate between an audit and an assessment
• Define the characteristics of an audit
• Describe when an audit may be applicable
• Predict evidence requested during an audit process
• Compare risk management audit, compliance audit, and BCP testing
• Describe the levels of testing for BCP/DRP plans
Module 12: Summary and case study
• Test your knowledge
• Given sufficient detail, design an appropriate risk strategy
Module 13: Business continuity planning—Next steps
• Ask the right questions to determine where your company currently stands
• Champion the need for Business Continuity Planning with your management
• Determine how much help you need and get it
Frequently asked questions
How can I create an account on myQA.com?
There are a number of ways to create an account. If you are a self-funder, simply select the "Create account" option on the login page.
If you have been booked onto a course by your company, you will receive a confirmation email. From this email, select "Sign into myQA" and you will be taken to the "Create account" page. Complete all of the details and select "Create account".
If you have the booking number you can also go here and select the "I have a booking number" option. Enter the booking reference and your surname. If the details match, you will be taken to the "Create account" page from where you can enter your details and confirm your account.
Find more answers to frequently asked questions in our FAQs: Bookings & Cancellations page.
How do QA’s virtual classroom courses work?
Our virtual classroom courses allow you to access award-winning classroom training, without leaving your home or office. Our learning professionals are specially trained on how to interact with remote attendees and our remote labs ensure all participants can take part in hands-on exercises wherever they are.
We use the WebEx video conferencing platform by Cisco. Before you book, check that you meet the WebEx system requirements and run a test meeting to ensure the software is compatible with your firewall settings. If it doesn’t work, try adjusting your settings or contact your IT department about permitting the website.
How do QA’s online courses work?
QA online courses, also commonly known as distance learning courses or elearning courses, take the form of interactive software designed for individual learning, but you will also have access to full support from our subject-matter experts for the duration of your course. When you book a QA online learning course you will receive immediate access to it through our e-learning platform and you can start to learn straight away, from any compatible device. Access to the online learning platform is valid for one year from the booking date.
All courses are built around case studies and presented in an engaging format, which includes storytelling elements, video, audio and humour. Every case study is supported by sample documents and a collection of Knowledge Nuggets that provide more in-depth detail on the wider processes.
When will I receive my joining instructions?
Joining instructions for QA courses are sent two weeks prior to the course start date, or immediately if the booking is confirmed within this timeframe. For course bookings made via QA but delivered by a third-party supplier, joining instructions are sent to attendees prior to the training course, but timescales vary depending on each supplier’s terms. Read more FAQs.
When will I receive my certificate?
Certificates of Achievement are issued at the end the course, either as a hard copy or via email. Read more here.