It is critical to measure the right things in order to make informed management decisions, take the appropriate actions, and change behaviors. But how do managers figure out what those right things are? Public and private organizations today often base cyber risk management decisions on fear, uncertainty, and doubt (FUD) and the latest attack; compliance mandates such as HIPAA, FISMA, SOX, and PCI; and security risk frameworks that typically have little to do with the way the rest of the organization measures risk and prioritizes operational risk management activities. CFOs, enterprise risk management officers, internal audit directors, and CISOs need information risk management approaches that align with business objectives. A measurement approach tied to strategic business objectives will ensure that planning, budgeting, and the allocation of operational resources are focused on what matters most to the organization. In addition, a shift to such an approach will help identify metrics that are expensive to collect and may not be worth the investment. Students in this course will use real-world strategic objectives to develop specific business goals and the applicable questions, indicators, and actionable metrics that they can implement at their own organizations to improve their ability to manage operational risks, particularly cybersecurity risks.
Directors and managers of:
Security professionals who support the above roles (security engineers, security architects, network engineers. security risk analysts, etc.)
This course will help participants to
This course has no prerequisites.
Participants will receive a downloadable copy of the course materials.
This two day course meets at the following times:Days 1 and 2: 8:30 a.m. - 5:00 p.m.
Course Fees [USD]
U.S. Industry: $1500
U.S. Government/Academic: $1200
This course may be offered by special arrangement at customer sites.