WHY IS THIS IT RISK ASSESSMENT WORKSHOP IMPORTANT? Are you effectively securing your organization’s IT systems that store, process, or transmit organizational information? Is your IT risk management plan tailored to the specific risk profile of your business and being coordinated across all functional and business units? With the release of IT Governance frameworks, requirements for risk management and new international standards entering the market, the pressure is mounting to ensure that all your IT risks are identified and the necessary action is taken – be this to mitigate them, accept or ignore them. So, how safe is your IT system? What are the risks that your organization is being exposed to? The solution to this challenge is to establish an effective risk management process that protects the organization, not just its IT assets, and provides it with the ability to perform its mission. Risk management is the process of identifying and assessing risk and taking preventive measures to reduce it to an acceptable level. It is critical that you develop an effective risk management program that assesses and mitigates risks within your IT systems and better manages these IT-related mission risks. BENEFITS OF ATTENDING THIS WORKSHOP Identify common IT project risks Learn how to assess threats and vulnerabilities to create a risk response strategy Understand what qualifies as risk with IT projects Understand the most common IT risk sources Qualify and quantify IT risks Learn the difference between negative and positive IT risks Develop an IT risk management plan Plan risk response methods for IT risks Create risk mitigation and contingency plans Monitor and control project risks Overcome resistance from stakeholders and team members WHO SHOULD ATTEND THIS WORKSHOP IT risk managers IT security managers Compliance officers Program and project managers IT project managers IT operation manager Contact Kris at kris@360bsi.com to register.

1. 1
YOUR INTERNATIONAL
COURSE FACILITATOR
Dr Mark T. Edmead
MBA, CISSP, CISA, CompTIA Security+
IT Security
Consultant & Trainer
MTE Advisors
Mark T. Edmead is a successful technology entrepreneur
with over 28 years of practical experience in computer
systems architecture, information security, and project
management.
Mark excels in managing the tight-deadlines and ever
changing tasks related to mission-critical project
schedules. He has extensive knowledge in IT security, IT
and application audits, Internal Audit, IT governance,
including Sarbanes-Oxley, FDIC/FFIEC, and GLBA
compliance auditing.
Mr. Edmead understands all aspects of information
security and protection including access controls,
cryptography, security management practices, network
and Internet security, computer security law and
investigations, and physical security.
He has trained Fortune 500 and Fortune 1000 companies
in the areas of information, system, and Internet security.
He has worked with many international firms, and has the
unique ability to explain very technical concepts in
simple-to-understand terms. Mr. Edmead is a sought after
author and lecturer for information security and
information technology topics.
Mark works as an information security and regulatory
compliance consultant. He has:
• Conducted internal IT audits in the areas of critical
infrastructure/ systems and applications,
• Assessed and tested internal controls of critical
infrastructure platform systems (Windows, UNIX, IIS, SQL,
Oracle)
• Assessed and tested internal controls of various critical
financial applications.
• Prepared risk assessments and determined risks to
critical financial data systems and infrastructure
components.
• Created test plans & processes and executed test plans.
• Conducted reviews of existing systems and
applications, ensuring appropriate security, management
and data integrity via control processes.
• Prepared written reports to all levels of management
• Participated in audit review panel sessions to address
results, conclusions and follow-up actions required.
Tel: +6016 3326 360 Fax: +603 9205 7788 kris@360bsigroup.com
c
c
•
•
a
a
•
•
r
TeTel:l: +6016 3326 360 Fax: +603 9205 7788 krkriss@3@36060bsbsiggrooupup.c.comom
1. An extensive IT Security Architecture Questionnaire that will help you
evaluate your organization’s security position.
2. FREE CoBIT 4.0 IT Governance Assessment Evaluation Spreadsheet
3. Take with you templates and worksheets to aid you in applying and putting
into practice what you have learned from this workshop.
4. FREE copy of course material, case studies, and other related items of the
training workshop
1.1. AAnn exextetensnsivivee ITIT SSecec
evaluate your organizati
EXCLUSIVE:
ArArchchititecectuturere QQueueststioionnnnaiairere tthahatt wiwillll hhelelpp you
i ’ it iti
ccururitityy
i ti
:: COURSE QUESTIONNAIRE & TAKEAWAYS
Using a carefully selected case study, course participants will:
• Identify common IT project risks
• Learn how to assess threats and vulnerabilities to create a risk response strategy
• Understand what qualifies as risk with IT projects & the most common IT risk sources
• Qualify and quantify IT risks
• Learn the difference between negative and positive IT risks
• Develop an IT risk management plan
• Plan risk response methods for IT risks
• Create risk mitigation and contingency plans
• Monitor and control project risks
• Overcome resistance from stakeholders and team members
BENEFITS OF ATTENDING
Are you effectively securing your organization’s IT systems that store, process, or
transmit organizational information?
Is your IT risk management plan tailored to the specific risk profile of your business and
being coordinated across all functional and business units?
With the release IT Governance frameworks, requirements for risk management
and new international standards entering the market, the pressure is mounting
to ensure that all your IT risks are identified and the necessary action is taken – be
this to mitigate them, accept or ignore them. So, how safe is your IT system? What
are the risks that your organization is being exposed to?
The solution to this challenge is to establish an effective risk management
process that protects the organization, not just its IT assets, and provides it with
the ability to perform its mission.
Risk management is the process of identifying and assessing risk and taking
preventive measures to reduce it to an acceptable level. It is critical that you
develop an effective risk management program that assesses and mitigates risks
within your IT systems and better manages these IT-related mission risks.
COURSE OVERVIEW
IT
SERIES
23 - 26 JUNE 2013
RADISSON BLU
DUBAI DEIRA CREEK
UNITED ARAB EMIRATES
INFORMATION
TECHNOLOGY
RISK
MANAGEMENT &
LEADERSHIP

2. 2
WHO SHOULD ATTEND
Vice Presidents, Directors, General Managers
Chief Information Officers
Chief Information Security Officers
Chief Technology Officers
IT Risk Managers
IT Security Managers
Compliance Officers
Program and Project Managers
IT Project Managers
IT Operation Managers
WHY THIS EVENT
The aim of this interactive workshop is to provide
you with the skills critical to IT Risk Management.
After attending this workshop, you will leave
fully armed with the knowledge needed
effectively secure your organization’s IT systems
& infrastructure. You will be able to establish an
effective risk management program to assess
and mitigate risk, and protect your IT assets.
The combination of interactive presentations,
hands-on exercises and open discussion groups
along with real case studies, ensures you will
obtain maximum value from attending.
DAY2 UNDERSTANDING THE NEED FOR
IT RISK MANAGEMENT
In this section we will discuss why is it important to consider information
technology risks and the impact if an assessment is not performed.
- Use of IT risk management in an organization
- The importance of IT risk management
- IT risk management and ownership
- What is risk assessment?
Establishing the context of risk in your business
- Why your organization needs IT risk management
- Consequences for inadequate or no IT risk management activities
- The benefits of implementing IT risk management
DAY1 IT RISK MANAGEMENT
LEADERSHIP WORKSHOP
IT Risk Management Leadership Workshop is a special one-day course
designed to teach information security professionals how to become an
effective information security manager. In addition, you will learn tips
and techniques that will increase your competence and confidence when
influencing information security in your organization.
Implementing IT Risk Management in an organization is a major effort.
This requires coordination with all departments. It requires interfacing
with individuals at all levels from technicians and programmers to
managers, directors, and C-level executives.
In this workshop you will learn how perform a stakeholder analysis,
outline the stakeholders required to accomplish your job, and how to
effectively navigate the possible roadblocks preventing you from
accomplishing your tasks. In addition, you will learn tips and techniques
that will increase your competence and confidence when influencing
and implementing information technology in your organization.
Managing the IT Risk Management Process
- Creating an IT Risk Management framework
- Determining your critical success factors (CSF)
- Determining your key performance indicators (KPI)
- Challenges in managing the process
Understanding your Corporate Culture
- Understanding your organization’s trends, strategy and environment
- Tips, tricks, and trouble spots
- Developing a business continuity management culture
- Exercising, maintenance, and audit
Understanding your Stakeholders
- How to identify your key stakeholders
- Performing a stakeholder analysis
- Creating a stakeholder engagement communication plan
- Getting stakeholder engagement and support
COURSE
CONTENT

3. 3
COURSE SCHEDULE
8.00
8.30
10.10 - 10.30
12.00 - 13.00
14.40 - 15.00
16.00
Registration & Coffee/Tea
Workshop commences
Morning coffee/tea
Lunch
Afternoon coffee/tea
End of day
“I am impressed with the quality of teaching. I am
now more equipped to handle my job more
efficiently.”
- Okudo Anayo, ERM Financial Risk Manager, Asset Management
Corporation of Nigeria
“The course was very informative and an eye
opener on how to manage IT Risk in an
organization.”
- George Ochola, Manager - IT Risk, Equity Bank Limited
“A great & interactive course. It has enhanced my
knowledge regarding IT Risk Management. Dr.
Mark is an excellent trainer.”
- Yousif Ebrahim Faraj, Senior Lecturer, Bahrain Institute of Banking &
Finance (BIBF)
“The course was very interactive and informal.
There were many takeaways which will help me in
implementing Risk Management in my
organization and also help in procuring
management buy-in.”
- Aziz Ahmed, Head of IT, Wall Street Exchange Centre LLC
“This course covers all the essential knowledge on
IT Risk.”
- Abdullah Al-Nami, Senior Vice President for Operational Risk and MLC,
Riyad Bank
“The trainer well managed the interaction between
the participants and delivered the material very
professionally.”
- Adnane Ajroudi, Applications Manager, Dolphin Energy Ltd
6
5
4
3
2
1
Latest TESTIMONIALS
DAY4 UNDERSTANDING THE IMPACT OF
IT RISK TO YOUR ORGANIZATION
The risk“appetite”of an organization will vary depending on several
variables. It is critical to understand what is it that you are protecting and
the impact of a threat in the event it becomes real.
- How to identify tangible and intangible assets
- Determining the value of these assets
- Comparing asset value versus control mitigation costs
- Conducting a business impact analysis
Applying risk management controls
- Finding the right control to manage risk
- Using best practice frameworks
- How to manage residual risk
Implementing an IT risk monitoring process
- Performing periodic reviews
- How to reporting IT risk status
- Creating a risk reporting plan
The IT Risk Management Document
- Outline of the IT Risk Management document
- Keeping your document up-to-date
- Getting stakeholder support and acceptance
DAY3 UNDERSTANDING IT SECURITY
FRAMEWORKS AND STANDARDS
An understanding of the various information technology frameworks
and standards, and the basics of information security is necessary to
better understand how to assess the risks associated with the security
implementation.
- ISO 27001
- COBIT IT Governance Framework
- NIST SP-800
Information security fundamentals
- Confidentiality, integrity, and availability
- Accountability, non-repudiation, identification
- Understanding information assurance
Developing an IT risk management strategy
- How to perform a high-level risk assessment
- Understanding your business risk appetite
- Establishing your criteria for risk acceptance
- Complying with industry, legal, and/or regulatory requirements
COURSE
CONTENT

4. PAYMENT DETAILSFEES
4
OTHER RELATED PUBLIC COURSES
IT Governance
Service Oriented Architecture (SOA)
Business Continuity and Disaster Recovery
Preparing for the CISSP exam
Cybercrime & Fraud Investigation
IT Change Management
IT Project Management
360 BSI is passionate about providing strategic IT programs
and high potential training solutions across the region to build
personal competencies and organizational capability.
You will receive practical training from a professionally
qualified educator with over twenty years of teaching and
training experience.
Please feel free to mix-and-match topics from the areas listed
below to get the right training content for your staff. Other
topics may be available upon request.
IN-HOUSE TRAINING
Thank you for your registration!
* Save up to 50% for In-house Training program
Substitutions are welcome at any time. Please notify us at
least 2 working days prior to the event. All cancellations will
carry a 10% cancellation fee, once a registration form is
received. All cancellations must be in writing by fax or email
at least 2 weeks before the event date. Cancellations with
less than 2 weeks prior to the event date carry a 100% liability.
However, course materials will still be couriered to you.
General Information:
Registrations close ONE (1) week before the training dates.
The fees cover lunch, tea breaks, materials and certificate.
Official confirmation will be sent, once registration has been
received.
Participants will need to arrange their own accommodation.
Attire: Smart Casual
1
2
3
4
5
Cancellations/Substitutions
Fax: +603 9205 7788
Tel: +603 9205 7772
Mobile: +6016 3326 360
Email: kris@360bsigroup.com
REGISTRATION FORM
Hotel Contact Details:
Payment is required within 5 days upon receipt of
the invoice.
Bank transfer:
360 BSI MIDDLE EAST LIMITED
Abu Dhabi Commercial Bank
Dubai Mall Branch, P.O.Box 49124 Dubai, U.A.E
Account No: 10065721319001
Swift No: ADCBAEAAXXX
IBAN No: AE780030010065721319001
All payments must be received prior to the event date
USD 8,085- Special for Group of 3
USD 2,995 per delegate
The fee does not include any taxes (withholding or otherwise). In case of any taxes applicable
the client has to ensure that the taxes are paid on top of the investment fee paid for the course.
Compliance with the local tax laws is the responsibility of the client.
For Room Reservation, contact for 360BSI corporate rates.
Telephone: 00971 4 2057105 Fax: 00971 4 2234698
E-mail: reservations.dxbza@radissonblu.com
Radisson BLU Hotel, Dubai Deira Creek
Baniyas Road, P.O. Box 476, Dubai, UAE
360 BSI (M) Sdn Bhd (833835-X), Level 8 Pavilion KL, 168 Jalan Bukit Bintang, 55100 Kuala Lumpur, Malaysia.© www.360bsi.com/IT
Name
Name on tag
Job Title
Email
Mobile
:
:
:
:
:
Name
Name on tag
Job Title
Email
Mobile
:
:
:
:
:
Name
Name on tag
Job Title
Email
Mobile
:
:
:
:
:
1
2
3
DELEGATES
AUTHORIZATION
(This form is invalid without a signature)
Name :
Job Title :
Email :
( )Tel :
Organization :
Address :
Signature : Date: / /
23 - 26 JUNE 2013
RADISSON BLU
DUBAI DEIRA CREEK
UAE
INFORMATION
TECHNOLOGY
RISK
MANAGEMENT &
LEADERSHIP