
INFORMATION TECHNOLOGY RISK MANAGEMENT & LEADERSHIP

IT SERIES

23 - 26 JUNE 2013 RADISSON BLU DUBAI DEIRA CREEK UNITED ARAB EMIRATES

COURSE OVERVIEW
Are you effectively securing your organization's IT systems that store, process, or transmit organizational information? Is your IT risk management plan tailored to the specific risk profile of your business and being coordinated across all functional and business units?
With the release of IT Governance frameworks, requirements for risk management and new international standards entering the market, the pressure is mounting to ensure that all your IT risks are identified and the necessary action is taken, be this to mitigate them, accept or ignore them. So, how safe is your IT system? What are the risks that your organization is being exposed to? The solution to this challenge is to establish an effective risk management process that protects the organization, not just its IT assets, and provides it with the ability to perform its mission. Risk management is the process of identifying and assessing risk and taking preventive measures to reduce it to an acceptable level. It is critical that you develop an effective risk management program that assesses and mitigates risks within your IT systems and better manages these IT-related mission risks.

YOUR INTERNATIONAL COURSE FACILITATOR


Dr Mark T. Edmead
MBA, CISSP, CISA, CompTIA Security+

IT Security Consultant & Trainer MTE Advisors


Mark T. Edmead is a successful technology entrepreneur with over 28 years of practical experience in computer systems architecture, information security, and project management. Mark excels in managing the tight deadlines and ever-changing tasks related to mission-critical project schedules. He has extensive knowledge in IT security, IT and application audits, Internal Audit, and IT governance, including Sarbanes-Oxley, FDIC/FFIEC, and GLBA compliance auditing. Mr. Edmead understands all aspects of information security and protection including access controls, cryptography, security management practices, network and Internet security, computer security law and investigations, and physical security. He has trained Fortune 500 and Fortune 1000 companies in the areas of information, system, and Internet security. He has worked with many international firms, and has the unique ability to explain very technical concepts in simple-to-understand terms. Mr. Edmead is a sought-after author and lecturer for information security and information technology topics. Mark works as an information security and regulatory compliance consultant. He has:

BENEFITS OF ATTENDING
Using a carefully selected case study, course participants will:

- Identify common IT project risks
- Learn how to assess threats and vulnerabilities to create a risk response strategy
- Understand what qualifies as risk with IT projects & the most common IT risk sources
- Qualify and quantify IT risks
- Learn the difference between negative and positive IT risks
- Develop an IT risk management plan
- Plan risk response methods for IT risks
- Create risk mitigation and contingency plans
- Monitor and control project risks
- Overcome resistance from stakeholders and team members

- Conducted internal IT audits in the areas of critical infrastructure/systems and applications.
- Assessed and tested internal controls of critical infrastructure platform systems (Windows, UNIX, IIS, SQL, Oracle).
- Assessed and tested internal controls of various critical financial applications.
- Prepared risk assessments and determined risks to critical financial data systems and infrastructure components.
- Created test plans & processes and executed test plans.
- Conducted reviews of existing systems and applications, ensuring appropriate security, management and data integrity via control processes.

EXCLUSIVE:

COURSE QUESTIONNAIRE & TAKEAWAYS

1. An extensive IT Security Architecture Questionnaire that will help you evaluate your organization's security position.
2. FREE CoBIT 4.0 IT Governance Assessment Evaluation Spreadsheet
3. Take with you templates and worksheets to aid you in applying and putting into practice what you have learned from this workshop.
4. FREE copy of course material, case studies, and other related items of the training workshop

- Prepared written reports to all levels of management.
- Participated in audit review panel sessions to address results, conclusions and follow-up actions required.

Tel: +6016 3326 360

Fax: +603 9205 7788

kris@360bsigroup.com

COURSE CONTENT DAY1 IT RISK MANAGEMENT LEADERSHIP WORKSHOP


IT Risk Management Leadership Workshop is a special one-day course designed to teach information security professionals how to become an effective information security manager. In addition, you will learn tips and techniques that will increase your competence and confidence when influencing information security in your organization.

Implementing IT Risk Management in an organization is a major effort. This requires coordination with all departments. It requires interfacing with individuals at all levels from technicians and programmers to managers, directors, and C-level executives. In this workshop you will learn how to perform a stakeholder analysis, outline the stakeholders required to accomplish your job, and how to effectively navigate the possible roadblocks preventing you from accomplishing your tasks. In addition, you will learn tips and techniques that will increase your competence and confidence when influencing and implementing information technology in your organization.

Managing the IT Risk Management Process
- Creating an IT Risk Management framework
- Determining your critical success factors (CSF)
- Determining your key performance indicators (KPI)
- Challenges in managing the process

Understanding your Corporate Culture
- Understanding your organization's trends, strategy and environment
- Tips, tricks, and trouble spots
- Developing a business continuity management culture
- Exercising, maintenance, and audit

Understanding your Stakeholders
- How to identify your key stakeholders
- Performing a stakeholder analysis
- Creating a stakeholder engagement communication plan
- Getting stakeholder engagement and support

WHY THIS EVENT


The aim of this interactive workshop is to provide you with the skills critical to IT Risk Management. After attending this workshop, you will leave fully armed with the knowledge needed to effectively secure your organization's IT systems & infrastructure. You will be able to establish an effective risk management program to assess and mitigate risk, and protect your IT assets. The combination of interactive presentations, hands-on exercises and open discussion groups, along with real case studies, ensures you will obtain maximum value from attending.

DAY2 UNDERSTANDING THE NEED FOR IT RISK MANAGEMENT


In this section we will discuss why it is important to consider information technology risks and the impact if an assessment is not performed.
- Use of IT risk management in an organization
- The importance of IT risk management
- IT risk management and ownership
- What is risk assessment?

Establishing the context of risk in your business
- Why your organization needs IT risk management
- Consequences for inadequate or no IT risk management activities
- The benefits of implementing IT risk management

WHO SHOULD ATTEND


- Vice Presidents, Directors, General Managers
- Chief Information Officers
- Chief Information Security Officers
- Chief Technology Officers
- IT Risk Managers
- IT Security Managers
- Compliance Officers
- Program and Project Managers
- IT Project Managers
- IT Operation Managers

COURSE CONTENT DAY3 UNDERSTANDING IT SECURITY FRAMEWORKS AND STANDARDS


An understanding of the various information technology frameworks and standards, and the basics of information security is necessary to better understand how to assess the risks associated with the security implementation.
- ISO 27001
- COBIT IT Governance Framework
- NIST SP-800

Information security fundamentals
- Confidentiality, integrity, and availability
- Accountability, non-repudiation, identification
- Understanding information assurance

Developing an IT risk management strategy
- How to perform a high-level risk assessment
- Understanding your business risk appetite
- Establishing your criteria for risk acceptance
- Complying with industry, legal, and/or regulatory requirements

Latest TESTIMONIALS

I am impressed with the quality of teaching. I am now more equipped to handle my job more efficiently.
- Okudo Anayo, ERM Financial Risk Manager, Asset Management Corporation of Nigeria

The course was very informative and an eye opener on how to manage IT Risk in an organization.
- George Ochola, Manager - IT Risk, Equity Bank Limited

A great & interactive course. It has enhanced my knowledge regarding IT Risk Management. Dr. Mark is an excellent trainer.
- Yousif Ebrahim Faraj, Senior Lecturer, Bahrain Institute of Banking & Finance (BIBF)

The course was very interactive and informal. There were many takeaways which will help me in implementing Risk Management in my organization and also help in procuring management buy-in.
- Aziz Ahmed, Head of IT, Wall Street Exchange Centre LLC

DAY4 UNDERSTANDING THE IMPACT OF IT RISK TO YOUR ORGANIZATION


The risk appetite of an organization will vary depending on several variables. It is critical to understand what it is that you are protecting and the impact of a threat in the event it becomes real.
- How to identify tangible and intangible assets
- Determining the value of these assets
- Comparing asset value versus control mitigation costs
- Conducting a business impact analysis

Applying risk management controls
- Finding the right control to manage risk
- Using best practice frameworks
- How to manage residual risk

Implementing an IT risk monitoring process
- Performing periodic reviews
- How to report IT risk status
- Creating a risk reporting plan

The IT Risk Management Document
- Outline of the IT Risk Management document
- Keeping your document up-to-date
- Getting stakeholder support and acceptance

This course covers all the essential knowledge on IT Risk.


- Abdullah Al-Nami, Senior Vice President for Operational Risk and MLC, Riyad Bank

The trainer well managed the interaction between the participants and delivered the material very professionally.
- Adnane Ajroudi, Applications Manager, Dolphin Energy Ltd

COURSE SCHEDULE
8.00 Registration & Coffee/Tea
8.30 Workshop commences
10.10 - 10.30 Morning coffee/tea
12.00 - 13.00 Lunch
14.40 - 15.00 Afternoon coffee/tea
16.00 End of day


REGISTRATION FORM
Fax: +603 9205 7788 Tel: +603 9205 7772 Mobile: +6016 3326 360 Email: kris@360bsigroup.com
IN-HOUSE TRAINING
360 BSI is passionate about providing strategic IT programs and high potential training solutions across the region to build personal competencies and organizational capability. You will receive practical training from a professionally qualified educator with over twenty years of teaching and training experience. Please feel free to mix-and-match topics from the areas listed below to get the right training content for your staff. Other topics may be available upon request.

DELEGATES
For each delegate (1 to 3): Name, Name on tag, Job Title, Email, Mobile

OTHER RELATED PUBLIC COURSES


- IT Governance
- Service Oriented Architecture (SOA)
- Business Continuity and Disaster Recovery
- Preparing for the CISSP exam
- Cybercrime & Fraud Investigation
- IT Change Management
- IT Project Management


Hotel Contact Details:


For Room Reservation, contact for 360BSI corporate rates.
Telephone: 00971 4 2057105
Fax: 00971 4 2234698
E-mail: reservations.dxbza@radissonblu.com
Radisson BLU Hotel, Dubai Deira Creek
Baniyas Road, P.O. Box 476, Dubai, UAE

AUTHORIZATION
Name :
Job Title :
Email :
Tel :
Address :

(This form is invalid without a signature)

General Information:
1. Registrations close ONE (1) week before the training dates.
2. The fees cover lunch, tea breaks, materials and certificate.
3. Official confirmation will be sent, once registration has been received.
4. Participants will need to arrange their own accommodation.
5. Attire: Smart Casual

Organization :

Cancellations/Substitutions
Substitutions are welcome at any time. Please notify us at least 2 working days prior to the event. All cancellations will carry a 10% cancellation fee, once a registration form is received. All cancellations must be in writing by fax or email at least 2 weeks before the event date. Cancellations with less than 2 weeks prior to the event date carry a 100% liability. However, course materials will still be couriered to you.

Signature :

Date:

Thank you for your registration!

FEES

PAYMENT DETAILS
Payment is required within 5 days upon receipt of the invoice.
Bank transfer:
360 BSI MIDDLE EAST LIMITED
Abu Dhabi Commercial Bank
Dubai Mall Branch, P.O.Box 49124 Dubai, U.A.E
Account No: 10065721319001
Swift No: ADCBAEAAXXX
IBAN No: AE780030010065721319001

USD 2,995 per delegate
USD 8,085 - Special for Group of 3


The fee does not include any taxes (withholding or otherwise). In case of any taxes applicable the client has to ensure that the taxes are paid on top of the investment fee paid for the course. Compliance with the local tax laws is the responsibility of the client.

* Save up to 50% for In-house Training program

All payments must be received prior to the event date

360 BSI (M) Sdn Bhd (833835-X), Level 8 Pavilion KL, 168 Jalan Bukit Bintang, 55100 Kuala Lumpur, Malaysia.

www.360bsi.com/IT
