Information Risk Management

Information Risk Management

Course code: BTA-110

Title: Information Risk Management

Course length: 6 (six) academic hours / 4.75 CPE Hours

Audience: Specialists in managing “traditional” operational risks, Information security specialists, Beginning specialists in the field of information security

Prerequisites: knowledge of the basics of risk management, understanding of the principles of economic theory and cost formation, analytical and arithmetic skills.

Course program:

• Information risk management
  • Risk management documentation and principles
  • Types and methods of information risk management
  • Types of methodologies and standards in the field of information risk management
  • Matrix for expert calculation of risk level
  • Examples of calculations of material (monetary) damage from the occurrence of risks associated with the loss of confidentiality, availability, or integrity of information assets
• Calculation of the total cost of ownership of an information asset
  • Total Cost of Ownership (TCO)
  • Life cycle of information systems
  • TCO structure, calculation procedure, and determination of the effect of owning (implementing) an information system
• Threats and risk analysis of availability breaches
  • Regional threats: anthropogenic, technogenic, and natural
  • Single point of failure
  • Attacks on the supply chain
  • Insiders and sabotage
• Common mistakes in the development and operation of information systems
  • Errors in the implementation of information systems
  • Software development (in-source) errors
  • Errors in the operation and maintenance of information systems, equipment, and software-hardware complexes
  • Ways to minimize risks when planning security deficiencies