Session 1 – Governance

Session topics:

• 1.1 Risk Assessment Concepts, Standards and Frameworks
• 1.2 Organizational Strategy, Goals and Objectives
• 1.3 Organizational Structure, Roles and Responsibilities
• 1.4 Organizational Culture and Assets
• 1.5 Policies, Standards and Business Processes
• 1.6 Enterprise Risk Management, Risk Management Frameworks and Three Lines of Defense
• 1.7 Risk Profile, Risk Appetite and Risk Tolerance
• 1.8 Navigating Professional Ethics of Risk Management and Requirements in Laws, regulations and Controls

Session 2 – IT Risk Assessment

Session topics:

• 2.1 Risk Events, Threat Modeling and Threat Landscape
• 2.2 Vulnerability and Control Deficiency Analysis
• 2.3 Risk Scenario Development
• 2.4 Risk Register
• 2.5 Risk Analysis Methodologies
• 2.6 Business Impact Analysis
• 2.7 Inherent, Residual and Current Risk

Session 3 – Risk Response and Reporting

Session topics:

• 3.1 Risk Treatment/Risk Response Options
• 3.2 Risk and Control Ownership
• 3.3 Managing Risk from Processes, Third Parties and Emerging Sources
• 3.4 Control Types, Standards and Frameworks
• 3.5 Control Design, Selection and Analysis
• 3.6 Control Implementation, Testing and Effectiveness
• 3.7 Risk Treatment Plans
• 3.8 Data Collection, Aggregation, Analysis and Validation
• 3.9 Risk and Control Monitoring and Reporting Techniques
• 3.10 Performance, Risk and Control Metrics