Title: Risk Management in the IT Environment
Date: February 11, 2010
Time: 8:30am - 4:30pm
Instructor: Glen D. Chambers, CISA
Location: One Highland Center, 314 E. Highland Mall Blvd., Suite 403, Austin, TX 78752
Price: $225
Early Bird Discount: $199 if you register by January 11, 2010.
Who Should Attend: All auditors (IS and non-IS), audit supervisors and managers with the desire to gain a better understanding of the challenges facing agencies in developing and maintaining an effective risk management process within federal, state and local IT operations.
Course Description:
This course is designed to provide attendees with an introduction to a structured risk management process adopted for many organizations’ information technology (IT) systems. In this digital era, as organizations use automated technology to process their information, risk management plays a critical role in protecting an organization’s information assets from IT-related risk. Risk management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level.
The training material is also designed to provide an overview of selected cost-effective security controls. These controls can be used to mitigate risk for the better protection of critical information and the IT systems that process, store, and carry this information. Our role as auditors is to evaluate the adequacy of established procedures and processes employed to address risk and to assess the effectiveness of controls that have been implemented to ensure continuity and consistency of operations for information systems that support the operations and assets of the agency.
Using pertinent information from GAO’s Federal Information System Controls Audit Manual (FISCAM) and selected National Institute of Standards and Technology (NIST) Special Publications, the training material covers various aspects of the risk management process including nine primary steps which encompass the risk assessment methodology. The topics presented are designed to give the auditor and audit management a thorough overview of the various factors that should be considered by management in establishing a viable risk assessment methodology and the key audit procedures necessary to evaluate the adequacy of management’s actions.
Upon completion of this course, you will:
Be knowledgeable of risk management, how it fits into the system development life cycle (SDLC), and the roles of individuals who support and use this process.
Be familiar with the risk assessment methodology and the nine primary steps in conducting a risk assessment of an IT system.
Know the various factors involved with the risk mitigation process.
Understand the need for an ongoing risk evaluation and assessment and the factors that will lead to a successful risk management program.
Course Topics:
Module 1 - Fundamental Planning Principles and Practices
  Purpose of Risk Management
  Importance of Risk Management
  Integration of Risk Management into SDLC
  Federal Mandates, Standards and Guidelines
Module 2 - Risk Assessment
  System Characterization
  Threat Identification
  Vulnerability Identification
  Control Analysis
  Likelihood Determination
  Impact Analysis
  Risk Determination
  Control Recommendation
  Results Documentation
Module 3 - Risk Mitigation
  Risk Mitigation Options
  Risk Mitigation Strategy
  Approach for Control Implementation
  Control Categories
  Cost-Benefit Analysis
  Residual Risk
Module 4 - Evaluation and Assessment
  Good Security Practice
  Keys for Success
The timing and duration of our discussion on any of the above topics can be adjusted depending on the experience level of the attendees. All of the material being presented is designed to look at today’s environment from the auditor’s perspective, with emphasis on the steps necessary to satisfy the Government Auditing Standards.
Instructor Bio: Glen D. Chambers, CISA
Glen D. Chambers, a 2002 retiree from the Defense Contract Audit Agency (DCAA), has over 20 years of experience in auditing information systems at some of the largest Department of Defense contractors in the country. Glen’s Information Technology (IT) auditing experience has included detailed reviews in areas such as internal controls, cost allocations/job accounting systems, economy and efficiency reviews, and computer performance evaluations.
Glen is a faculty member of the Graduate School, Government Audit Training Institute where he is involved with course development and instruction. Glen is a Certified Information Systems Auditor and a member of the Information Systems Audit and Control Association.
CPE: 8 hours
Level: Intermediate
Type of Class: Audit
TX Board of Public Accountancy Sponsor Number: 009317
Cancellation Information: Cancellation Date: January 21, 2010
To cancel your registration from this course, please call or email the course contact listed below. If a cancellation is received after the cancellation date, the registrant will be charged $75 for course materials.
Class participants will be billed after the class. Payment should be made to SOLUTIONS TRAINING GROUP, Federal Tax ID: 20-2732184 and mailed to 2701 Maria Anna Rd, Austin, TX 78703.
If you have any questions, please contact Shannon Bieberdorf at (512) 914-5557 or shannon@solutionstraininggroup.com. For additional information about this class, please contact Laurie Garrant at laurie@solutionstraininggroup.com, (512) 914-5567.