Introduction to Risk Management
- Risk management concepts
- Senior management and risk
- Enterprise Risk Management (ERM)
- Benefits of risk management
Data Centre Risk and Impact
- Risk in facility, power, cooling, fire suppression, infrastructure and IT services
- Impact of data centre downtime
- Main causes of downtime
- Cost factors in downtime
Standards, Guidelines and Methodologies
- ISO/IEC 27001:2013, ISO/IEC 27005:2011, ISO/IEC 27002:2013
- NIST SP 800-30
- ISO/IEC 31000:2009
- SS507:2008
- ANSI/TIA-942
- Other methodologies (CRAMM, EBIOS, OCTAVE, etc.)
Risk Management Definitions
- Asset
- Availability/Confidentiality/Integrity
- Control
- Information processing facility
- Information security
- Policy
- Risk
- Risk analysis/Risk assessment/Risk evaluation
- Risk treatment
- Threat/Vulnerability
- Types of risk
Risk Assessment Software
- The need for software
- Automation
- Considerations
Risk Management Process
- The risk management process
- Establishing the context
- Identification
- Analysis
- Evaluation
- Treatment
- Communication and consultation
- Monitoring and review
Project Approach
- Project management principles
- Project management methods
- Scope
- Time
- Cost
- Cost estimate methods
Context Establishment
- General considerations
- Risk evaluation, impact and acceptance criteria
- Severity rating of impact
- Occurrence rating of probability
- Scope and boundaries
- Scope constraints
- Roles & responsibilities
- Training, awareness and competence
Risk Assessment – Identification
- The risk assessment process
- Identification of assets
- Identification of threats
- Identification of existing controls
- Identification of vulnerabilities
- Identification of consequences
- Hands-on exercise: Identification of assets, threats, existing controls, vulnerabilities and consequences
Risk Assessment – Analysis and Evaluation
- Risk estimation
- Risk estimation methodologies
- Assessment of consequences
- Assessment of incident likelihood
- Level of risk estimation
- Risk evaluation
- Hands-on exercise: Assessment of consequences, probability and estimating level of risk
Risk Treatment
- The risk treatment process steps
- Risk Treatment Plan (RTP)
- Risk modification
- Risk retention
- Risk avoidance
- Risk sharing
- Constraints in risk modification
- Control categories
- Control examples
- Cost-benefit analysis
- Control implementation
- Residual risk
Communication
- Effective communication of risk management activities
- Benefits and concerns of communication
Risk Monitoring and Review
- Ongoing monitoring and review
- Criteria for review
Risk Scenarios
- Risk assessment approach
- Data centre site selection
- Data centre facility
- Cloud computing
- UPS scenarios
- Force majeure
- Organisational shortcomings
- Human failure
- Technical failure
- Deliberate acts