NAC, ID 2.0 and Other Top Issues
May 14, 2008, Washington, D.C.

How to Complete a Risk Assessment in Five Days

Speaker: Thomas Peltier
President
Peltier and Associates

Presentation Overview:

Risk assessment is viewed by many organizations as a long and complicated process. This two-day session will dispel that myth and provide attendees with the tools required to complete a quality risk assessment, using an industry standard process, the Facilitated Risk Analysis and Assessment Process (FRAAP), in five days or less. At the end of the session attendees will take with them an understanding of the risk assessment process, the tools they need to perform the task at their own organization, examples of threat lists, sample control lists and a management summary letter template.

Time-Based Objectives:

Day One

    Key Objectives:

  • Tie business objectives to security controls
  • Conduct a FRAAP
  • Develop a comprehensive FRAAP action plan
  • Gain the support of the customer

    You Will Leave With:

  • A completed set of risk assessment objectives
  • A sample action plan
  • A thorough understanding of the FRAAP process

Risk management basics — Risk management contains four unique elements: risk analysis, risk assessment, risk mitigation, and vulnerability assessment. We will examine each of these four elements and establish how each can be used properly.

Identifying threats and controls — The key to any effective risk assessment process is the thorough identification of threats and the selection of appropriate mitigating controls. We will examine current threat identification methods and how these processes can be blended to meet attendees’ specific needs. Once the threat identification process is complete, we will examine current mitigating controls lists and discuss how these can be adapted or modified to meet the needs of each organization.

Day Two

Risk assessment using the qualitative process FRAAP — Using a qualitative risk assessment approach, attendees will examine the most widely used method of risk assessment today. FRAAP will be reviewed and attendees will conduct their own case study FRAAP. Each attendee will examine and critique the process, and the instructor will assist attendees in customizing it for their own organization.

Practical application case study — Under the leadership of the instructor, each group will prepare to conduct a FRAAP based on a true case study. During this process, the other groups will be given the opportunity to critique the results of each team’s work.

Prerequisites: n/a