| Session 1 – Governance: Learning Objectives |
- Outline how the key concepts of risk impact the enterprise.
|
- Describe the concepts of enterprise risk management
|
- Distinguish between governance and management functions.
|
- Assess risk frameworks and their role enterprise risk management.
|
- Describe the relationship between enterprise risk and IT risk.
|
- Explain role of the risk practitioner in the three lines of defense.
|
- Define roles and responsibilities within the organizational structure and explain how they relate to risk management.
|
- Define the types of risk profiles.
|
- Outline the impact of organizational culture on risk management.
|
- Describe the relationship between risk appetite and risk tolerance.
|
- Identify organizational assets and how they are valued.
|
- Describe the impact of legal, regulatory, and contractual obligations regarding risk management
|
- Explain how policies and standards provide direction to the enterprise.
|
- Explain the importance of professional ethics in risk management.
|
- Describe how the business process reviews help improve enterprise effectiveness.
|
|
| Session 1 – Governance: Session topics |
- 1.1 Risk Assessment Concepts, Standards and Frameworks
|
- 1.5 Policies, Standards and Business Processes
|
- 1.2 Organizational Strategy, Goals and Objectives
|
- 1.6 Enterprise Risk Management, Risk Management Frameworks and Three Lines of Defense
|
- 1.3 Organizational Structure, Roles and Responsibilities
|
- 1.7 Risk Profile, Risk Appetite and Risk Tolerance
|
- 1.4 Organizational Culture and Assets
|
- 1.8 Navigating Professional Ethics of Risk Management and Requirements in Laws, Regulations and Controls
|
| Session 1 – Governance: Enrichment |
- Risk Management Strength and Financial Disclosure Quality
|
- The Non-IT Manager’s Role in Enterprise IT Risk Management
|
- Pandemic-Driven Remote Working and Risk Management Strategies
|
- Fintech Governance Challenges, Levels and Theories
|
- The Role of IT Governance During COVID-19 and Beyond: Keeping the Momentum, ISACA Journal, Vol 6.
|
- The Sheer Gravity of Underestimating Culture as an IT Governance Risk
|
- Are Organizations Actually Performing Risk-Based Audits?
|
- Connecting Good Governance With Key Risk
|
- Successful Outcomes by Crowdsourcing Risk Management
|
- Moving Risk Management From Fear and Avoidance to Performance and Value
|
- Roles of Three Lines of Defense for Information Security and Governance
|
- Human Error: A Vastly Underestimated Risk in Digital Transformation Technology
|
| Session 2 – IT Risk Assessment: Learning Objectives |
- Define the types of risk events and threats an enterprise can face
|
- Define common risk assessment standards and frameworks.
|
- Explain the risk identification process.
|
- Describe the value of the risk register to the enterprise.
|
- Identify threat modeling techniques.
|
- Explain risk analysis methodologies and how they are used.
|
- Compile a threat profile using threat modeling techniques
|
- Illustrate the relationship between business impact analysis and risk assessment.
|
- Describe the process and benefits of developing risk scenarios.
|
- Outline the effect of inherent and residual risk on the enterprise.
|
- Explain the risk assessment process.
|
|
| Session 2 – IT Risk Assessment: Session topics |
- 2.1 Risk Events, Threat Modeling and Threat Landscape
|
- 2.5 Risk Analysis Methodologies
|
- 2.2 Vulnerability and Control Deficiency Analysis
|
- 2.6 Business Impact Analysis
|
- 2.3 Risk Scenario Development
|
- 2.7 Inherent, Residual and Current Risk
|
|
|
|
| Session 2 – IT Risk Assessment: Enrichment |
- IS Audit in Practice: Watching Out for Workforce Risk in the New Normal
|
- Tips for Improving Risk Assessment and Analysis
|
- Managing Technology Risk to Protect Privacy and Confidentiality
|
- The First Steps of Quantitative Risk Management
|
- How to Balance Insider Threats and Employee Privacy
|
- Evolving From Qualitative to Quantitative Risk Assessment
|
- The Practical Aspect: Working from Home—Reassessing Risk and Opportunities
|
|
| Session 3 – Data Structures: Learning Objectives |
- Determine roles accountable for risk and control ownership.
|
- Assess gaps between current and desired states of the IT risk environment.
|
- Align risk treatment and response options with enterprise risk appetite and tolerance.
|
- Collaborate with control owners on the selection, design and implementation of controls.
|
- Address risk originating from outside the enterprise (or from third parties).
|
- Conduct aggregation, analysis and validation of risk and control data.
|
- Apply procedures to processes and functions containing high amounts of variability.
|
- Validate risk responses have been executed according to risk treatment plans.
|
- Evaluate emerging technologies and changes to the environment for threats, vulnerabilities and opportunities.
|
- Describe the types of risk data available to monitor and report risk.
|
- Categorize controls relative to the type of risk response required.
|
- Identify types of control assessments.
|
- Leverage common standards and frameworks in designing and implementing controls.
|
- Explain the process of compiling and reporting the status of controls.
|
- Identify the current state of existing controls and evaluate their effectiveness for IT risk mitigation.
|
- Apply the steps of control monitoring process
|
- Establish a process to define, monitor and analyze metrics relevant to enterprise risk.
|
|
| Session 3 – Data Structures: Session topics |
- 3.1 Risk Treatment/Risk Response Options
|
- 3.6 Control Implementation, Testing and Effectiveness
|
- 3.2 Risk and Control Ownership
|
|
- 3.3 Managing Risk from Processes, Third Parties and Emerging Sources
|
- 3.8 Data Collection, Aggregation, Analysis and Validation
|
- 3.4 Control Types, Standards and Frameworks
|
- 3.9 Risk and Control Monitoring and Reporting Techniques
|
- 3.5 Control Design, Selection and Analysis
|
- 3.10 Performance, Risk and Control Metrics
|
| Session 3 – Data Structures: Enrichment |
- Addressing Key Pain Points to Develop a Mature Third-Party Risk Management
|
- Effective Reporting to the BoD on Critical Assets, Cyberthreats and Key Controls: The Qualitative and Quantitative Model
|
- Digital Banking Poses Challenges for Third-Party Risk Management
|
- Reporting Cybersecurity Risk to the Board of Directors
|
- Access Controls Over Third-Party Applications
|
- Enterprise Risk Monitoring Methodology, Part 4: Risk Executive Summary
|
- Addressing Risk Using the New Enterprise Security Risk Management Cycle
|
|
| Session 4 – Information Technology and Security: Learning Objectives |
- Explain the key components of enterprise architecture and the frameworks used to implement them.
|
- Evaluate emerging technologies and changes to the environment for threats, vulnerabilities and opportunities.
|
- Identify IT components and their areas of concern relating to enterprise risk.
|
- Identify factors that can impact security and risk in the enterprise.
|
- Describe the project risk and how it is addressed in the project management process.
|
- Leverage information security frameworks and standards to manage information systems and data.
|
- Outline the steps and requirements needed to maintain enterprise resiliency.
|
- Review the scope of information security training and awareness programs against identified threats faced by the enterprise.
|
- Assess areas of risk throughout the data life cycle.
|
- Apply data privacy and data protection principles to risk assessment activities.
|
- Articulate key security and support tasks to perform during the system development life cycle.
|
|
| Session 4 – Information Technology and Security: Session topics |
- 4.1 Enterprise Architecture
|
- 4.6 System Development Life Cycle
|
- 4.2 IT Operations Management
|
- 4.7 Emerging Technologies
|
|
|
- 4.8 Information Security Concepts, Frameworks, Standards and Awareness Training
|
- 4.4 Disaster Recovery Management
|
- 4.9 Business Continuity Management
|
- 4.5 Data Life Cycle Management
|
- 4.10 Data Privacy and Protection Principles
|
| Session 4 – Information Technology and Security: Enrichment |
- Security for Internet of Things Device Manufacturers
|
- Data Ownership: Considerations for Risk Management
|
- The California Consumer Privacy Act and Encryption: Theory, Practice, Risk Assessment and Risk Mitigation
|
|
