1.0 Conceptual Understanding of the role & importance of risk management in the context of IT risk management

• 1.1 What is Risk Management?
• 1.2 The Risk Management Process according to best practice ISO standards [IS0 31000:2018]
• 1.3 Risk Assessment Process (Identification, Analysis, Evaluation & Treatment)
• 1.4 Establishing the context
• 1.5 Monitoring & Review
• 1.6 The value proposition of managing Risk – Key Benefits
• 1.7 Definition & Concept of IT Risk Management
• 1.8 Why is IT Risk Management Important?
• 1.9 Types of General IT Risk Threats
• 1.10 Criminal IT threats
• 1.11 Case Study 1 – FAA System Failure 2023
• 1.12 Team breakout & Brainstorm – Developing a robust IT Risk Capability

Day 1 – Afternoon Session

2.0 Managing IT related risks – Key Requirements

• 2.1 Learning How to Manage IT Risks
• 2.2 Information Technology Risk Management Planning
• 2.3 Risk Management Controls for IT Risk
• 2.4 Risk Management Best Practices that foster a Security Conscious Culture
• 2.5 Key Steps in the IT risk management process.
• 2.6 Best practices for information risk management
• 2.7 Role of the Board of Directors and Senior Management
• 2.8 Policies, Standards and Procedures
• 2.9 Policies and Procedures Types Associated with IT Risk Management
• 2.10 Management of Assets, Third-Party Services)
• 2.10.1 Management of Information Assets
  2.10.2 Management of Third-Party Services
• 2.11 Competency and Background Review
• 2.12 Security Awareness and Training
• 2.13 Managing IT risk with practical steps
• 2.14 Case Study 2 – Marriott Hotel System
• 2.15 Team Breakout – Key Lessons Learnt and Proposed Solutions

Day 2- Morning Session

Developing IT Risk Capability – Key Elements

• 3.10 Role of System Development Life Cycle (SDLC) and Security-By-Design
• 3.11 System Requirement Analysis (SRA), Design, Implementation, testing and Acceptance
• 3.11.1 System Requirements Analysis
  3.11.2 System Design and Implementation
  3.11.3 System Testing and Acceptance
• 3.12 Quality Management
• 3.13 Software Application Development and Management (Secure Coding, Source Code Review and Application Security Testing)
• 3.14 IT Service Management (IT Service Management Framework)
• 3.15 Configuration Management, Technology Refresh Management, Patch Management, Change Management, Software Release Management and Incident Management
• 3.15.1 Configuration Management
• 3.15.2 Technology Refresh Management
• 3.15.3 Patch Management
• 3.15.4 Change Management
• 3.15.5 Software Release Management
• 3.15.6 Incident Management

Day 2- Afternoon Session

Key organizational control capabilities in ensuring a robust IT Risk
management infrastructure.

• 4.11 Problem Management
• 4.12 IT Resilience (System Availability)
• 4.13 System Recoverability
• 4.14 Testing of Disaster Recovery Plan
• 4.15 System Backup and Recovery
• 4.16 Data Centre Resilience
• 4.17 Access Management
  4.17.1 Access Control (User Access Management)
  4.17.2 Privileged Access Management
  4.17.3 Remote Access Management
• 4.18 Cryptography- (Cryptographic Algorithm and Protocol)
• 4.19 Cryptographic Key Management
• 4.20 Data & Infrastructure Security (Data Security), Network Security, System &
  Virtualization Security
  4.20.1 Data and Infrastructure Security (Data Security)
  4.20.2 Network Security
  4.20.3 System Security
  4.20.4 Virtualization Security
• 4.21 Internet of Things
• 4.22 Cyber Security Assessment – (Vulnerability Assessment)
• 4.23 Penetration Testing
• 4.24 Role of Cyber Exercises
• 4.25 Customer Authentication and Transaction Signing
• 4.26 Fraud Monitoring
• 4.27 Customer Education and Communication
• 4.28 The Top 5 Technology Challenges In 2023