Like all areas of business the amount of resources (people, time and money) that can be applied to computer security is limited. This means that proper risk based planning is required to determine where resources are best applied to controls to mitigate risk.
To accomplish this, first one must understand what risk is, what assets are at risk and need protecting, and what controls can be applied to effectively mitigate that risk.
This workshop will provide information that will allow the participants to develop a risk-based approach to computer security..
What You Will Cover
- Defining risk
- Identification of key computer security risk
- Quantification of risk
- Explaining the concepts of inherent and residual risk
- Understanding asset and data classification and its use in security planning,
- Understanding the risk of various threats and vulnerabilities,
- Identifying various controls to mitigate identified risks
- Some simple metrics to measure results.
Who Should Attend
Chief Information Officers, Senior Managers or Technicians
How You Will Benefit
After taking this workshop, participants will be able to conduct a risk-based analysis of their computer environment and use the results to plan their computer security program. They will understand the concepts of data and asset classification and the application of various security controls to mitigate risk.
Duration
2 Days.
