Information Security and Risk Management Training

Information Security and Risk Management Training By TONEX

Information Security and Risk Management Training Course Description

Information Security and Risk Management Training course helps you to understand a variety of topics in information security and risk management such as: introduction to information security, layers of security, threats and vulnerabilities in information security, concept of data and data security, risk modeling, risk management techniques, risk management components, and risk assessment techniques.

Information security is to defend and protect the vital information using the latest technology and defense strategies. Understanding risks, protecting the system security against risk and managing the risk in case of threats is one of the most important topics in cyber security.

By taking the TONEX information security and risk management training, you will understand the main concept of information security, network security and authenticity of the information as well as how to secure the components of the information system.

Learn about threats and vulnerabilities in information system such as environmental disasters, terrorist attacks, cyber vulnerabilities, cybercrimes, cryptographic attacks, code injection attacks, or denial of service attacks.

Learn about the data, data sharing methods, importance of data, and frequency of security incidents on important data and how to design safeguards for vital data.

Learn the principles of risk modeling, characteristics of risks, losses caused by risks, active and proactive risk models, and computer risk models.

Through this seminar, you will also learn about the main procedures to manage the risks, how to avoid risks, how to transfer the risk, controlling the risks, methods of disaster recovery plans (DRP), incident response plan, and cost benefit analysis (CBA).

The TONEX information security and risk management training also helps you discover the main component of risk management from identifying the risk, analyzing the risks, likelihood of the risk to controlling and developing the risk management techniques.

TONEX information security and risk management training includes many in-class activities including hands on exercises, case studies and workshops. During the information security and risk management training, students bring in their own sample work and projects and through our coaching, develop their own information security and risk management system.

Finally, the information security and risk management training will introduce you to the risk assessment techniques through which you can identify the risks, quantify them, analyze and estimate the risks in information system. At the end of the training session, risk management techniques and tools are discussed in detail.

Audience

The information security and risk management training is a 2-day course designed for:

• All individuals who need to understand the concept of information security and risk management.
• IT professionals in the areas of information security and risk management
• Cyber security professionals, network engineers, security analysts, policy analysts
• Security operation personnel, network administrators, system integrators and security consultants
• Security traders to understand the software security of web system, mobile devices, or other devices.
• Investors and contractors who plan to make investments in security system industry.
• Technicians, operators, and maintenance personnel who are or will be working on cyber security projects
• Managers, accountants, and executives of cyber security industry.

Training Objectives

Upon completion of the information security and risk management training course, the attendees are able to:

• Learn the main concept of information security
• Understand the threats and vulnerabilities in information security network
• Recognize the vital data and be able to preserve the security of the data
• Understand the concept of risk, modeling techniques and analysis approaches
• Be able to understand the concept of risk management, classification of the risks and recovery plans
• Explain the main components of risk management in cyber security
• Understand the risk assessment techniques and their application to information security
• Describe the risk management tools and techniques in cyber security

Training Outline

The information security and risk management training course consists of the following lessons, which can be revised and tailored to the client’s need:

Introduction to Information Security

• History of information security
• Meaning of security
• Quality of being secured
• Layers of security
• Physical security
• Personal security
• Operational security
• Communication security
• Network security
• Information security
• Availability of information
• Integrity of information
• Authenticity of information
• Accuracy of information
• Confidentiality of information
• Components of an information system
• Securing the components of information system
• Bottom up and Top down approaches

 Threats and Vulnerabilities

• Natural disasters
• Environmental disasters
• Widespread technical disruptions
• Conventional warfare
• Terrorist attacks
• Civil unrest violence
• Economic threats
• National depression
• Global depression
• Sudden global shortage
• Cyber vulnerabilities
• Cyber activism
• Cyber crime
• Cyber espionage
• Cyber terrorism
• Cyber warfare
• Hacker war
• Network attack
• Electronic attack
• Computer network attack
• Computer network defense
• Computer network exploitation
• Cryptographic attack
• Obfuscating attack
• Resource deception attack
• Cyber weaponry
• Abuse of information leakage
• Code injection attack
• Compromising confidential information
• Botnets
• Denial of service attacks
• Distributed denial of service attack
• IP address spoofing
• Password cracking
• Phishing
• Search engine poisoning
• Spamming
• Targeted attacks

Data

• Difficulty with the Data
• Differences of data sharing
• Relevance of data
• Data finding
• Annual frequency of security incidents
• Consequences of security incidents
• Safeguards

Risk Modeling

• Risk model as a decision driven activity
• Conceptual definition of risk
• Characteristics of risk
• Uncertainty of risk
• Loss caused by risk
• Project risks
• Technical risks
• Business risks
• Market risk
• Sales risk
• Strategic risk
• Management risk
• Budget risk
• Known risk
• Predictable risk
• Unpredictable risk
• Reactive risk strategies
• Proactive risk strategies
• Decision modeling
• Computer security risk model
• Analysis techniques

Introduction to Risk Management

• History of risk management
• Maintaining confidentiality of data
• Assurance of the integrity of data
• Avoidance of risks
• Transferring risks
• Mitigation of risks
• Acceptance of risks
• Controlling the risk
• Revising the deployment organization to manage the risk
• Insurances to cover the risks
• Disaster recovery plan (DRP)
• Incident response plans (IRP)
• Business continuity plan (BCP)
• Handling the action points
• Evaluation, assessment, and maintenance of risk control
• Risk control cycle
• Risk Control layers
• Preventive and detective controls
• Cost Benefit Analysis (CBA)
• Asset valuation components
• Risk management discussion points
• Risk management practices

Components of Risk Management

• Risk identification
• Analyzing the source of the risk
• Risk assessment
• Severity of risk impact
• Likelihood of risk occurring
• Controllability of risks
• Risk response development
• Developing the risk management strategy
• Contingency plan development
• Risk response control
• Implementing risk strategy
• Monitoring plan for new risks
• Risk management modification

Risk Assessment Techniques

• Scenario analysis
• Identifying hazards
• Quantifying risks
• Component determination for safety plan
• Estimation of accident frequency
• Consequence analysis and modeling
• Risk estimation
• Risk event impact analysis
• Identifying the risk type and time
• Identifying the probability of the risk occurrence
• Identifying the difficulty of risk occurrence
• Ranking the importance of the risk
• Risk severity matrix
• Main steps in risk analysis
• Fault tree analysis
• Event tree analysis
• Bowties
• Barrier diagrams
• Reliability data
• Human reliability
• Consequence models
• Qualitative analysis
• Quantitative analysis

 Risk Management Techniques

• Mitigating the risk
• Retaining the risk
• Sharing the risk
• Transferring the risk
• Contingency planning
• Risk management plan
• Estimating the potential loss
• Threat likelihood analysis
• Annual loss expectancy (ALE)
• Non-existent maturity risk
• Ad hoc risks
• Repeatable risks
• Managed risks
• Optimized risks
• Mitigation owner
• Security steering committee
• Security risk management team
• Organizing the solutions by defense in depth
• Physical attacks managements
• Network attacks management
• Host attack management
• Application attack management
• Data attack management
• Direct testing
• Periodic compliance report
• Widespread security incidents

Risk Management Tools

• Tables
• Questionnaires
• Standard report formats
• Software
• List of threats
• List of control

Hands-on and In-Class Activities

• Labs
• Workshops
• Group Activities

Sample Workshops Labs for Information Security and Risk Management Training

• Hands on training on virtual information security laboratories
• Training- Effects of threats on information case study
• Data importance in information security
• Performing a Simple Risk Assessment
• Risk Assessment Case Studies
• Experimental application of Risk Assessment Tools
• Experimental studies of Risk Management Tools
• Introduction to risk identification
• Using Risk Management Tools and software

Information Security and Risk Management Training