Information Systems Risk Management (Onsite or online)

When: Oct 31, 2019 from 8:30 AM to 4:30 PM (ET)

Onsite (Ivey Training Centre) or Online (provide email address)

Training Delivery Method: On-site, instructor-led course; or online, instructor-led course
Prerequisites: Experienced IT professionals with background in security and risk management

What Problem Does This Training Help Solve?
Provides training on IT risk governance, management, and risk controls.

Who Should Attend? IT professionals interested in learning about IT risk control objectives, controls, methodologies, and risk management

Course Material: Content-rich manual/course handouts consisting of about 200-plus foils

Course Syllabus: Alignment of IT with business objectives brings value to the organization, but IT has an element of risk associated with it. This risk must be properly governed and managed in order to balance IT value delivery against IT risk. There are many risks associated with the use of information technology, but the major ones are related to IT disaster recovery, IS security, IT process outsourcing, and IT project management. Such risks must be monitored, analyzed, mitigated, and accepted at an appropriate level to balance value and risk. Although it is a relatively new discipline, measurement and management of IT risk has reached a stage of fairly stable maturity.

Topics to be covered:

What IT risk is
- Security vs. risk
- Security: Confidentiality, integrity, availability
- Corporate pyramid - value delivery vs. risk management

4-tier ITR approach
- Risk governance
- Risk management
- Risk controls

4 layers of IT risk interdependence
- Business processes
- IT Applications
- IT Infrastructure

Four-step IT risk approach

Various risk concepts
- Risk appetite vs. risk tolerance
- Risk policies
- Risk appetite techniques
- R and R

- Risk events, ownership, identification
- Risk assessment - how often
- Quantitative vs. Qualitative
- L and I factor
- ALE, SLE, and ARO

Risk Treatment
- Four techniques of risk treatment - mitigate, ignore, transfer, accept
- Risk and control owners
- Types of controls
- Residual risk

Risk register
- Risk and controls and residual risk
- RR ownership

How to measure the effectiveness of risk controls
- Design effectiveness
- Operational effectiveness
- Qualitative vs. Quantitative approaches

Indicators and monitoring
- KRIs

Speaker Profile:
Biography of Director of Education, Jay Ranade: CIA, CRMA, CGEIT, CRISC, CISA, CISM, CISSP, ISSAP, CBCP, HCISPP

Jay Ranade, a certified CISA, CISM, CISSP, ISSAP, CGEIT, CRISC, CIA, CRMA, and CBCP, is a New York City-based management consultant and internationally renowned expert on computers, communications, disaster recovery, IT Security, and IT controls. He has written and published 37 IT-related books covering networks, security, operating systems, languages, systems, and more. He also has an imprint with McGraw-Hill called J. Ranade IBM Series, which includes over 300 titles with 7 million copies in print. His publications have been translated into several languages including German, Portuguese, Spanish, Korean, Japanese, and Mandarin. He is also the author of The New York Times critically acclaimed book, The Best of Byte. He is currently working on a number of books on various subjects such as Audit, IT Security, Business Continuity, Blockchain, and IT Risk Management. Jay has consulted and worked for Global and Fortune 500 companies in the U.S. and abroad, including American International Group, Time Life, Merrill Lynch, Dreyfus/Mellon Bank, Johnson & Johnson, Unisys, McGraw-Hill, Mobiltel Bulgaria, and Credit Suisse. He was a member of ISACA International's Publications Committee from 2005 to 2007, and he currently serves as a member and advisor to the New York Metropolitan InfraGard, a partnership between the FBI and private sector institutions to safeguard America’s national infrastructure from hostile attacks. He has been a speaker at the Federal Reserve Bank of New York on Global Financial Infrastructure Protection, and he maintains FBI-certified confidential-level clearance.

Jay also teaches graduate-level classes on Information Security Management, Operational Risk Management, and Ethical Risk Management at New York University, and Accounting Information Systems, IT Auditing, Operational Risk Management, Advanced Fraud Examination, and Internal Auditing at St. John’s University. Jay is a senior faculty member at Wharton Executive Education, U of Penn.

The President of the ISACA New York Metropolitan Chapter awarded him the “Best Educator” Award in June 2013.

Profile of Risk Management Professionals Intl. (RMPI)

With over a decade of experience consulting and teaching for marquee clients including Big Four accounting firms and Fortune 500 companies, RMPI has earned a reputation as a leader in business consulting and education. Risk Management Professionals Intl., led by Jay Ranade, a renowned IT security expert and best-selling author, was formed to equip our clients with knowledge, tools, and certifications to address the growing and complex arena of IT Risk, IT Security, and IT Controls.

Risk Management Professionals Intl. provides expertise in the latest techniques and methods in curriculum development, training delivery, and training process management, which gives us the edge in shaping IT leaders who are well-prepared to mitigate the information security threats of tomorrow.

Risk Management Professionals Intl.’s certified trainers are knowledgeable practitioners who can teach technology as well as process. Our students learn to apply what they learn in the classroom to real-world challenges; they are not just memorizing facts to pass a certification exam. With Risk Management Professionals Intl., our clients know they have a partner they can trust to support their training objectives and the development of their staff throughout their careers.

Our information security, risk management, governance, and audit training courses have been designed by Jay Ranade; they combine theoretical knowledge with interactive classroom demonstrations and hands-on exercises to instill in-depth knowledge. This approach to information security training, based on real-world scenarios, provides students with the tools to proactively defend against information security threats and optimize and protect their company’s business assets.

Please Note: There is a cancellation policy in effect.

Ivey Donald K. Johnson Centre, Ground Floor, Exchange Tower
130 King Street West
Toronto, ON