Since 2007, ISACA has focused intensively on the topic of risk & security management. In the past, little attention was paid to these two aspects in companies. Not only financial risks, but also organizational, cultural, procedural and other risks and security deficiencies are key factors in the company-wide handling of risk, and they prompted ISACA to release its publications on risk and security management. The main objective of RIBIS (Risk IT and Business Model for Information Security) is to provide a comprehensive overview of all corporate risks, their treatment and all security aspects. To meet this goal, COBIT® 5.0 training is a minimum requirement, which is conveyed in this workshop.
The workshop includes the most important risk and security products such as
– Risk IT
– BMIS (Business Model for Information Security)
In this workshop, the requirements of different stakeholders and their concerns (Stakeholder Needs) regarding the handling of business and IT risks and the submission of an overall solution for the company are intensively discussed. The participants will be able to better understand the details and to map them as effectively as possible using the framework.
The Risk IT framework complements ISACA COBIT® 5.0, which already provides a comprehensive framework for the control and governance of business-driven solutions and services. These business-driven solutions and services represent best practices as a means of risk management by providing a set of controls. They can be used to identify, address and manage an organization’s IT risks.
Internal events can be operational IT incidents, project failures, 180-degree IT strategy switches and mergers. External events can be, for example, changes in market conditions, new competitors, newly available technologies and new rules and regulations. These events all represent a risk; they must be evaluated, and the appropriate measures developed and implemented. The risk dimension and how to manage it is the main topic of the Risk IT framework.
The following topics will be covered in this workshop:
– Definition of risk universe and risk management
– Risk readiness of a company and the risk tolerances
– Risk awareness, communication and reporting
– Risk profile and risk culture and risk description
– Introduction of risk landscape and risk register
– Generic risk scenarios and risk factors
– Risk analysis and risk responses
– Risk analysis and migration in COBIT processes
In January 2009, ISACA introduced the “Security Community” and the business model for information technology security. The publications of the security experts have provided a glimpse into a new approach to effective information security management. BMIS focuses on the business environment in which information security is operated in relation to business processes. This particular focus offers a further view of the “value driving” processes and systems within the company, which allows better influence over information security.
Although security experts have managed to keep many potential attacks in check, there have been several costly security breaches that raise the legitimate question of how effective information security and its programs are in an organization.
From a business perspective, the primary goals of any company are often far removed from the technical world of IT. To bridge the gap between what the company does and how this is supported by high security, BMIS combines technical content with business thinking and a strategic view.
RIBIS provides a detailed overview of all security and risk aspects including
– Management Practices (as they are called in COBIT® 5.0),
– The interfaces among each other
– KPIs and their activities
– The benefits of COBIT® 5.0 processes for value enhancement in the company
– Risk IT and Risk Treatment
– Security Management Model
and other topics that are necessary to deal with business risks and to understand the security aspects from all perspectives.
– Knowledge of Business Model for Information Security
– Knowledge of Risk IT – principles, processes and risk management
Contents of Risk IT and its domains
– Definition of the basic terms in risk management and the creation of a risk profile
– Definition of risk universe, definition of risk factors, risk appetite and risk tolerances, risk culture, risk profile
– Definition of risk in a company and its impact on business objectives
– Introduction to the Risk IT Process Model
– Risk IT basic principles and detailed resolution of the risk principles
– Key Risk Indicators
– Risk treatments in the company, risk matrix and their influence on projects and companies
– Risk scenarios with the components and their effects
– Mapping of risk scenarios to other frameworks (COBIT® 5.0 and ITIL® 2011)
– Risk analysis and treatments
– Risk management tools and techniques
BMIS (Business Model for Information Security)
– BMIS Main elements
– BMIS dynamic main connecting elements
– Zachman Enterprise Architecture
– Application of BMIS
– Steps to improve security
Requirements: COBIT® 5.0 Foundation knowledge, ITIL® 2011 Foundation is an advantage
In this workshop we will cover many interesting aspects that are often overlooked in business. Contact us and we will help you to address the various RIBIS aspects in the workshop and ensure that you develop a company-specific concept to identify and evaluate risks, plan measures and implement the measures in the context of risk management projects.