This course identifies vulnerabilities and inherent risks of computer systems. It also introduces cost-effective risk analysis techniques for identifying and quantifying accidental and malicious threats to computer systems, and developing contingency and recovery plans. The qualitative risk analysis process, using techniques such as the practical application of risk analysis (PARA) and facilitated risk analysis process (FRAP), is covered.
- Develop a risk-assessment statement that identifies vulnerabilities and inherent risks within those computer systems. Included are client/server, peer-to-peer, distributed, and standalone architectures.
- Evaluate and develop cost-effective risk-analysis techniques that aim to identify and quantify accidental and malicious threats. Also, gain a deep understanding of the motivations and techniques deployed in malicious attacks.
- Develop contingency and recovery plans that should return the system to normal operation within a predictable timeframe, budget, and operational disruption.
- Apply metrics for quantifying risks (QUANTITATIVE METHODS) and the facilitated risk-analysis process (FRAAP - QUALITATIVE METHODS) to create these deliverables. Focus is also given to the evaluation of tangible and intangible risks.
- Gain a practical understanding of the tools and skills required of today's risk-analyst practitioners. Institute methods to accurately assess the skills and readiness of these individuals to effectively perform sensitive risk-analysis tasks.
- Develop organizational methodologies that should create an environment of constant process improvement and self-evaluation. Develop methods to exchange these ideas with other organizations without compromising internal security.
- Understand how to discover, evaluate, and utilize security products/services from private and public organizations. Attention is also given to global vendors and organizations, total cost of engagement and ownership, RFP generation, proposal evaluation, and contractual obligations. The focus of the vendor relationship is risk mitigation and contingency planning.