Course on Implementation of Financial Assessment of Information Risk

It is said — risk and reward! However, the risk often results in financial losses and unrealized projects. Risks cannot be avoided, but they can be managed. Quantitative risk assessment can be started at any time. It is enough to have at least Excel and a few experts. Quantitative assessment is always better than qualitative, because it is the next evolutionary step, giving grounds for gaining experience, comparisons and better solutions.

During the seminar, we consider step by step cases in point, in an easily understandable and entertaining manner, of the implementation of quantitative assessment of information: from the analysis of input information, choice of parameters, choice of model, first calculation, to the procedures of coordination and implementation.

During 8 academic hours of the course (4x90 minutes), the following topics will be considered:

1. Why financial evaluation is needed, who should do it and what precedes it: components of information risk in view of general maturity, business model and strategy, risk-appetite.
2. Identification of sources of input information required for the implementation of monetary valuation: balance sheet data, IT projects, IT architecture, regulatory requirements, security threats, security risk analysis, etc. Means and tools of information gathering. Analysis of information and determination of monetary valuation parameters based on the analysis results.
3. Creating assessment methods by the example of using scenario analysis and scoring models. Examples and tools: scenario analysis of information security incidents (using Miter Att@ck). Scoring incident cost model (using the ENISA calculator).
4. Mechanisms of interaction and reporting in the implementation of quantitative assessment methods. Methodology testing, results analysis, updates.

To whom it will be interesting? Risk, security, audit, methodology experts.
 

The course is read by Anastasia Konoplyova

Anastasia is a certified trainer, the holder of certificates CISA, CRISC, CDPSE, Director of UAG LLC (continuity since 1999), President of ISACA Kyiv 2018-2020, Master of Economics (Economic Cybernetics), has experience in auditing and consulting since 2005 for companies from 5 to 40,000 employees in implementation and control of information security management systems, business continuity plans, audit of information systems, implementation of consulting projects on process automation, electronic document management and archiving, implementation of operational risk management systems, audit of financial statements, capital, credit risks.

The cost of the program is to be specified

Date — on request

Venue and format are discussed individually
 

If you have any questions — call/write +38 095 310 -17- 82 (WhatsApp, Viber) or academy@bdo.ua