This course deals with how IT helps to achieve an appropriate balance between realizing opportunities for gains while minimizing losses. It is an integral part of good management practice and an essential element of good corporate governance. It is an iterative process consisting of steps that, when undertaken in sequence, enable continuous improvement in IT decision-making and facilitate continuous improvement in IT performance.
• Conceptualize organizations risk management within IT processes
• Identify and analyze risks within IT operations and understand the implications to the whole business operation
• Improve IT operation risk level thru the application and implementation of IT risk management methodology and best practices
• Support the attainment of organizational business objectives by providing comprehensive perspective of IT risk management to the executive management of the organization
• Plan to implement tool for identifying, analyzing, eradicating and communicating the risks within the cycle of risk management
Segment 1: Risk Management Introduction
• The segment defines Process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives and deciding what countermeasures.
Segment 2: Risk Management Processes
The participants learn to recognize the following issues in the risk management processes such as:
• Identification and classification of information resources or assets that need protection
• Assess threats and vulnerabilities and the likelihood of their occurrence Identification and classification of information resources or assets that need protection
• Assess threats and vulnerabilities and the likelihood of their occurrence.
Segment 3: Risk Indicators
This segment shall describe on the need of IT risk management to operate at multiple levels with divesified risk indicators including:
• Operation: risks that could compromise the effectiveness of IT systems and supporting infrastructure
• Project: risks management needs to focus on the ability to understand and manage project complexity
• Strategic: the risk focus shifts to considerations such as how well the IT capability is aligned with the business strategy.
Segment 4: Loss Event Database
The segment shall describe to the participants on intentional and unintentional action that causes data loss, and highlight on organizational responsibility such as:
• preventing data loss
• recovery from data loss
• Cost of data loss.
Segment 5: Effective Risk Management
This segment shall describe to the participants how to establish effective risk management program that covers:
• Establish purpose of the risk management program
• Assign the responsibility for the risk management
Segment 6: Risk Management Maturity
• This segment shall describe the road-mapping of risk management as related to IT processes; the framework will be based on the CMM maturity level concept.
Segment 7: IT Risk Management
• This segment shall describe on the Information Technology risk management which is part of the organization IT governance encompassing such as: the identification, assessment, and prioritization of IT operation risks, and followed by coordinated and economical application of IT resources to minimize, monitor, and control the probability and/or impact of unfortunate events.
Segment 8: Cases
• IT risk management cases
Kegiatan pelatihan dirancang agar peserta dapat memahami secara komprehensif materi yang disampaikan, sehingga dapat dimplementasikan secara aplikatif dalam dunia kerja. Adapun metode yang digunakan adalah:
3. Case Study