This workshop presents an approach to Risk Management applicable to both Enterprise Risk Management and Information Security Risk Management.
Information Security Risk Management is a process in which businesses identify potential threats to their information assets and estimate the impact and likelihood of each. The confidentiality, integrity and/or availability of these assets need to be considered. A risk profile, together with the development and monitoring of controls, will ensure effective risk mitigation.
In this workshop we will work through an Asset-Threat matrix used to estimate impact and likelihood for each threat on each asset. The matrix is then sorted to show the significant threat exposures and significant asset vulnerabilities. The exposure profiles are then used to select appropriate mitigations from a broad range of options and combinations.
This workshop will explain and discuss:
- How to create your organisation’s Threat-Asset matrix;
- The benefits of Quantitative versus Qualitative risk analysis;
- Creating the Risk Exposure Profile and the Asset Vulnerability Profile;
- Applying Mitigations using a broad range of controls; and
- Monitoring risk performance.
Who should attend?
This workshop is designed for Risk Managers and those interested in improving Risk Management in their organisation or participating in the Risk Management process.