1. Risk assessment and management methodologies
Why risk is the foundation of every security standard, and how risks should be identified, rated and managed: the basics plus practical recommendations. We start with a simple qualitative way of managing risk and work up to quantifying risk with FAIR-style estimates.
- Likelihood
- Impact
- Risk rating
- Value assignment (FAIR methodology)
- Risk based budgeting
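The progression from a likelihood/impact matrix to a FAIR-style quantitative estimate, and then to risk-based budgeting, can be shown in a few functions. The block below is an added worked example, not material from the course; the 5x5 matrix thresholds, the triangular (min / most likely / max) distributions, the phishing scenario and the control costs and effect factors are all constructed assumptions for illustration.

```python
"""Qualitative risk rating, a FAIR-style quantitative estimate and
risk-based control selection. Added worked example: thresholds,
distributions and the scenario below are assumptions, not taken
from any standard or from the course material."""
import random
import statistics

# Assumed 5x5 matrix: likelihood and impact are each scored 1..5,
# the product is bucketed into a rating. Thresholds are illustrative.
def qualitative_rating(likelihood: int, impact: int) -> str:
    if not (1 <= likelihood <= 5 and 1 <= impact <= 5):
        raise ValueError("likelihood and impact must be on a 1..5 scale")
    score = likelihood * impact
    if score <= 4:
        return "low"
    if score <= 9:
        return "medium"
    if score <= 16:
        return "high"
    return "critical"

# FAIR decomposes risk into Loss Event Frequency (loss events per year)
# and Loss Magnitude (currency per loss event). Each is estimated as a
# (min, most likely, max) triple from calibrated estimates.
def expected_annual_loss(lef, lm):
    """Point estimate: mean of each triangular distribution, multiplied."""
    return (sum(lef) / 3) * (sum(lm) / 3)

def simulate_annual_loss(lef, lm, iterations=20000, seed=7):
    """Monte Carlo: sample LEF and LM independently from triangular
    distributions and report the mean and the 90th percentile loss."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    losses = sorted(
        rng.triangular(lef[0], lef[2], lef[1]) * rng.triangular(lm[0], lm[2], lm[1])
        for _ in range(iterations)
    )
    return {"mean": statistics.mean(losses), "p90": losses[int(0.9 * iterations)]}

def prioritise_controls(lef, lm, controls, budget):
    """Greedy risk-based budgeting: rank each control by expected annual
    loss avoided per unit of cost and buy in that order until the budget
    is spent. Controls are scored independently; interactions between
    controls are ignored, which keeps the ranking simple but optimistic."""
    baseline = expected_annual_loss(lef, lm)
    scored = []
    for c in controls:
        new_lef = tuple(v * c["lef_factor"] for v in lef)  # frequency reduction
        new_lm = tuple(v * c["lm_factor"] for v in lm)     # magnitude reduction
        avoided = baseline - expected_annual_loss(new_lef, new_lm)
        scored.append((avoided / c["cost"], c))
    scored.sort(key=lambda t: t[0], reverse=True)
    chosen, spent = [], 0.0
    for _ratio, c in scored:
        if spent + c["cost"] <= budget:
            chosen.append(c["name"])
            spent += c["cost"]
    return chosen

# Constructed scenario: credential theft via phishing against remote access.
SCENARIO_LEF = (0.1, 0.5, 1.5)            # loss events per year (min, likely, max)
SCENARIO_LM = (10_000, 50_000, 240_000)   # loss per event (min, likely, max)
SCENARIO_CONTROLS = [  # assumed costs and effect factors (1.0 = no change)
    {"name": "MFA on remote access", "cost": 20_000, "lef_factor": 0.3, "lm_factor": 1.0},
    {"name": "EDR with containment", "cost": 40_000, "lef_factor": 1.0, "lm_factor": 0.6},
    {"name": "Security awareness training", "cost": 5_000, "lef_factor": 0.8, "lm_factor": 1.0},
]

if __name__ == "__main__":
    print("qualitative rating (likelihood 4, impact 5):", qualitative_rating(4, 5))
    print("expected annual loss:", round(expected_annual_loss(SCENARIO_LEF, SCENARIO_LM)))
    print("simulated:", {k: round(v) for k, v in simulate_annual_loss(SCENARIO_LEF, SCENARIO_LM).items()})
    print("controls within 25000:", prioritise_controls(SCENARIO_LEF, SCENARIO_LM, SCENARIO_CONTROLS, 25_000))
```

The point estimate and the simulation agree on the mean, but only the simulation gives a tail figure (the p90) that a budget owner can compare against risk appetite; the qualitative matrix cannot express that at all, which is why the course moves from the matrix to FAIR-style quantification before discussing budgeting.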
2. Benefits of Implementation
We will discuss how standards should be implemented: where to start, which tools to use, and in what sequence the implementation steps should be carried out.
- Maturity of the organization
- Budgeting
- Scheduled activities
- Reviews, KPIs, self-audit and attestation.
3. Implementation guidelines
- Starting with data classification
- FISMA CIA factors
- Governance
- KPIs
- Roles and responsibilities
- Incident organization
- Relationship of incidents to risk likelihood
- Controls selection
- Policies and procedures, documentation management
- Artifacts
- SecOps
- Incident management
- Audits and reviews
Explanation of ISMS cycles (plan, implement, review, improve) and the review and audit activities within them, and how those reviews connect back to the KPIs.