In-person training

The goal of the workshop is to show practical ways how to implement security risk management in your organization. We will present the importance of ICT risk management in terms of organizational management and the best utilization of resources in the organization. We will use practical simulations in which we define and test the entire risk management life cycle. We will learn how to set up risk management processes so that the information security and business area would be interconnected, and at the same time understandable for the top management in the organization.

In the workshop, we will discuss the reason and needs for ICT risk management. We will explain the position of risk management within the organization and how it should contribute to security management. Subsequently, we will introduce the basic theory with which we will continue to work. We will talk about vulnerabilities, threats, and risks related to each other, and how to create a sustainable asset management concept that is a good basis for risk management not only on paper but also in practice. Interconnection with other important processes in the organization and mutual symbiosis with ICT risk management will also be explained.

You can also look forward to a demo that highlights the most common security risk management system implementation errors.

Together, we will go through two practical exercises that will focus on the creation of risk management processes for specific application solutions, with the aim of risk analysis using a library of vulnerabilities and threats, creating assessment matrices and their use, designing mitigations measures, defining key indicators to risk profile monitoring, according to risk appetite and risk tolerance. In this way, we go through the whole cycle of security risk management in specific situations.

The bonus will be a touch on cloud risk assessment and a special case of Exit procedure mitigation.

• Introducing risk management as an essential process for managing an organization
• Demonstration of practical implementation of risk management in the organization (in accordance with EBA/GL/2019/04)
• ICT Security risk as part of the overall risk profile
• Setting KPIs in risk management with reference to risk appetite and risk tolerance
• The way of reporting and escalation at different levels of the organization
• Practically approached asset inventory as an essential part of ICT risk management
• Risk management, which is understood by both the IT administrator and the board member