wordpress.simplitrain.com

course

Home / Courses / Certified Data Centre Risk Professional (CDRP®)

Course Objectives

After completion of the course, the participant will be able to:

  • 1. Understand the different standards and methodologies for risk management and assessment 2. Establish the required project team for risk management 3. Perform the risk assessment, identifying current threats, vulnerabilities and the potential impact based on customised threat catalogues 4. Report on the current risk level of the data centre both quantitative and qualitative 5. Anticipate and minimise potential financial impacts 6. Understand the options for handling risk 7. Continuously monitor and review the status of risk present in the data centre 8. Reduce the frequency and magnitude of incidents 9. Detect and respond to events when they occur 10. Meet regulatory and compliance requirements 11. Support certification processes such as ISO/IEC 27001 12. Support overall corporate and IT governance

Agenda

  • Risk management concepts
  • Senior management and risk
  • Enterprise Risk Management (ERM)
  • Benefits of risk management

  • Risk in facility, power, cooling, fire suppression, infrastructure and IT services
  • Impact of data centre downtime
  • Main causes of downtime
  • Cost factors in downtime

  • ISO/IEC 27001:2013, ISO/IEC 27005:2011, ISO/IEC 27002:2013
  • NIST SP 800-30
  • ISO/IEC 31000:2009
  • SS507:2008
  • ANSI/TIA-942
  • Other methodologies (CRAMM, EBIOS, OCTAVE, etc.)

  • Asset
  • Availability/Confidentiality/Integrity
  • Control
  • Information processing facility
  • Information security
  • Policy
  • Risk
  • Risk analysis/Risk assessment/Risk evaluation/
  • Risk treatment
  • Threat/Vulnerability
  • Types of risk

  • The need for software
  • Automation
  • Considerations

  • The risk management process
  • Establishing the context
  • Identification
  • Analysis
  • Evaluation
  • Treatment
  • Communication and consultation
  • Monitoring and review

  • Project management principles
  • Project management methods
  • Scope
  • Time
  • Cost
  • Cost estimate methods

  • General considerations
  • Risk evaluation, impact and acceptance criteria
  • Severity rating of impact
  • Occurrence rating of probability
  • Scope and boundaries
  • Scope constraints
  • Roles & responsibilities
  • Training, awareness and competence

  • The risk assessment process
  • Identification of assets
  • Identification of threats
  • Identification of existing controls
  • Identification of vulnerabilities
  • Identification of consequences
  • Hands-on exercise: Identification of assets, threats, existing controls, vulnerabilities and consequences

  • Risk estimation
  • Risk estimation methodologies
  • Assessment of consequences
  • Assessment of incident likelihood
  • Level of risk estimation
  • Risk evaluation
  • Hands-on exercise: Assessment of consequences,
  • probability and estimating level of risk

  • The risk treatment process steps
  • Risk Treatment Plan (RTP)
  • Risk modification
  • Risk retention
  • Risk avoidance
  • Risk sharing
  • Constraints in risk modification
  • Control categories
  • Control examples
  • Cost-benefit analysis
  • Control implementation
  • Residual risk

  • Effective communication of risk management activities
  • Benefits and concerns of communication

  • Ongoing monitoring and review
  • Criteria for review

  • Risk assessment approach
  • Data centre site selection
  • Data centre facility
  • Cloud computing
  • UPS scenarios
  • Force majeure
  • Organisational shortcomings
  • Human failure
  • Technical failure
  • Deliberate acts

  • Actual course outline may vary depending on offering center. Contact your sales representative for more information.
Tags
Technical Core Type: Core 5 Vendor: Other Product Line: Other Technical
FREE

Interested in course?

Buy Course

Course Type: Instructor Led