IIBA Toronto Presents
Information Security Risk Analysis
Cybersecurity - Managing Risk in our fast changing information age. Develop a strategy to mitigate risk and implement security controls.
This workshop provides participants with the fundamentals of information security risk management, and cost/benefit analysis of implementing security controls.
The workshop is supplemented by a case study that will allow the participants to
- conduct a risk analysis using the Harmonized Threat Risk Assessment process
- and conduct a cost benefit analysis of implementing a security control
By taking the workshop, the participate will:
- Understand when a Threat Risk Assessment (TRA) should be conducted within the lifecycle of an Information Technology (IT) service
- How TRAs fits into an information security risk management life cycle
- Understand how to prioritize information security control requirements based on risk level
- Experience conducting a TRA, so to obtain an understanding of some of the challenges of conducting a TRA
- Understand how to apply the concept of cost/benefit analysis towards determining the economic value of an information security control
- Experience conducting a cost benefit analysis on an information security control, so that one obtains an understanding of some of the challenges of doing so.
Those involved in business analysis, financial analysis, risk management, and IT project management will have an opportunity to understand how to determine what information security controls are appropriate to a business process or an IT system.
- Information Security Risk Management
- Information Security Risk Analysis
- Asset Classification
- Cost / Benefit Analysis
Harmonized Threat Risk Assessment
- Develop an inventory of assets
- Classify assets
- Identify and assess threats
- Identify and assess vulnerabilities
- Identify relevant controls
- Calculate risk levels
Cost / Benefit Analysis
- Risk Strategy (Accept, Transfer, Avoid, Mitigate)
- Determine the cost of a security control
- Determine the Annual Loss Expectancy
- Determine the overall benefit of a security control
Information Security Consultant
John Wang has over 30 years experience in Telecommunications, Financial Services, and Information Security Consulting including Strategy, Sales, Technical Service, Engineering, and Product Management.
In addition to having his own information security consulting business, providing consulting services on information security governance, security risk assessment, and security policy and procedure development, John teaches information security at George Brown college.
Class time duration: 6.00 hours
IIBA CDU credits: 6.00 credits
Chapter Member Price: $249
Non-Member Price: $299
Workshop fees must be paid upon registration in the workshop prior to attending. Pricing, registration terms, and conditions are subject to change without notice.
For credit card payments, charges will be in the currency of the country where the class takes place and will be converted by the credit card company. IIBA Toronto Chapter is not responsible for fluctuations due to exchange rates. Taxes will be applied to the payment where applicable.
IIBA Toronto Chapter reserves the right to make changes to the workshop program described or to cancel the workshop at any time without notice or liability. The Chapter's sole liability will be limited to the refund of registration fees paid in respect of the workshop and the Chapter shall not be responsible for any incidental or consequential loss arising whatsoever. The Chapter will endeavor to give enrollees as much advance notice as possible of any change to the workshop program or registrant’s enrollment.
The registration fee covers workshop materials only. Refreshments and lunch is not included and is the responsibility of the registrant. Parking is not included.
Cancellations will be allowed prior to 10 days of the workshop start date and a full refund will be issued. Cancellations will not be permitted within 10 days of the workshop start date; however, substitutions will be permitted. It is up to the registrant to find and arrange a substitute. The Chapter will process the substitution by changing the registrant name but is not responsible for any financial transactions between the registrants.
No refunds will be issued within 10 days of the workshop start date. If a registrant does not attend the workshop and has not given adequate notification, it will result in full forfeiture of the registration fee.
If you are unable to attend the workshop, or have comments or questions, please contact firstname.lastname@example.org.
Should you have any questions or need assistance, please contact us at email@example.com.