SEMINAR CATALOG 2008

WORLD CLASS CORPORATE GOVERNANCE & COMPLIANCE TRAINING

• RISK MANAGEMENT
• FRAUD PREVENTION & INVESTIGATION
• INFORMATION SECURITY GOVERNANCE/COMPLIANCE
• INTERNAL CONTROLS AUDITING
• BUSINESS CONTINUITY & DISASTER RECOVERY PLANNING

UNITED STATES • CURAÇAO • TRINIDAD • JAMAICA • ST. LUCIA • ST. VINCENT • GRAND CAYMAN • ENGLAND • ARUBA • BARBADOS

www.certifiedinfosec.com
1004 Green Pine Circle • Jacksonville, FL • 32065 • USA • Tel: +1 (904) 406 4311 • Fax: +1 (904) 291-1876

Upload: phamhuong

Post on 22-Mar-2018


Our business is training you to improve your business.

We offer world-class management training for a variety of urgent corporate governance and compliance issues in today’s competitive world. Our instruction is provided by published authors, noted speakers, and recognized industry experts.

Since 1999, Certified Information Security has been helping board members, officers, and management gain the critical new knowledge and skills they need to meet internal and external expectations for prudent information security governance.

Our business training advocates and facilitates a risk-based approach to information security governance that ensures:

• Precise and appropriate internal controls investment – fulfilling, but not exceeding, all critical organizational business objectives including those related to business process efficiency, performance, availability, and compliance with laws and regulations;
• A structured approach to internal controls deployment, management, and monitoring according to ISO/IEC best practices;
• Effective prevention, detection, investigation, and containment of costly internal fraud and abuse; and
• More efficient strategy-driven business continuity and disaster recovery planning and investment.

At Certified Information Security, we understand and respect that our training is ultimately judged by the return your organization realizes from its corresponding investment. Each of our custom-designed workshop-oriented seminars proves its value by providing explicit and tangible recommended actions for achieving early and measurable improvement and savings. Our customers leave our seminars with a clear action plan for moving forward.

Our president and seminar leader, Allen Keele, is accredited as a Certified Fraud Examiner, a Certified Information Security Manager, a Certified Information Systems Auditor, a Certified Information Systems Security Professional, and has over 20 other professional and technical accreditations. Mr. Keele shares over seventeen years of experience in information security and risk management, including nine years of conducting professional advanced business lectures and seminars across the United States, the United Kingdom, Asia, and the Caribbean. He has spoken many times on behalf of the Institute for Internal Auditors (IIA) and for the Information Systems Audit and Control Association (ISACA). He was a featured speaker for ISACA at its North American conference, CACS. Mr. Keele is also a published author with five texts currently available. His fifth title, ExamCram 2: Certified Information Systems Auditor, was released in April 2005.

Allen Keele, President & CEO

© Copyright 2003-2008 Certified Information Security (Certified Tech Trainers, Inc.) – www.certifiedinfosec.com. All rights reserved.

Our customers include:

Atlantic LNG
Aqualectra
Bank of Barbados
Bank of Jamaica
Bank van de Nederlandse Antillen
British Gas Group Trinidad
British Petroleum Trinidad
Cable & Wireless Caribbean Region
United States Marine Corps
Cayman Island Government
Central Bank of Aruba
Central Bank of Trinidad & Tobago
Civil Aviation Authority of Jamaica
Deloitte & Touche
Digicel
Eastern Caribbean Central Bank
Eastern Caribbean Financial Holding Company
EOG Resources Trinidad
First Caribbean International Bank
First Citizen’s Bank
GIRO Bank
Government of Anguilla
Grace Kennedy
International Financial Services Authority of St. Vincent
Jamaica Cooperative Credit Union League
Jamaica Deposit Insurance Corporation
Jamaica Financial Services Commission
Jamaica National Building Society
KPMG
Life of Jamaica
Methanol Holding Company
Ministry of Finance of Aruba
Ministry of Finance of Montserrat
Ministry of Public Information and Administration of Trinidad
National Bank of Anguilla Ltd.
National Bank of Barbados
National Commercial Bank (NCB)
National Gas Company of Trinidad
National Insurance Office of Barbados
PCS Nitrogen
Petrojam Limited
PowerGen of Trinidad & Tobago
PriceWaterhouseCoopers
RBTT Bank
Republic Bank of Guyana
Scotia Bank
Sol Petroleum
St. Lucia Electricity
Telem St. Maarten
Trinidad & Tobago Unit Trust
Telecommunications Services of Trinidad and Tobago (TSTT)
United Telecommunication Services (UTS)
Victoria Mutual Building Society
Valero Aruba Refinery
Water and Sewage Authority of Trinidad & Tobago
West Indies Aluminum Company (WINDALCO)


CORPORATE FRAUD PREVENTION & DETECTION

Learn the principles of fraud examination

Get a broad understanding of the field of fraud examination — from what fraud is, to how it is committed, detected, and deterred. Coverage begins with an explanation of fraud examination methodology, followed by detailed examination of the most prevalent fraud schemes used by employees, owners, managers, and executives.

What else you will learn in this two-day seminar

This two-day seminar is based on the three main categories of occupational fraud and abuse (asset misappropriation, corruption, and fraudulent statements) and 13 principal schemes, as identified by the Report to the Nation on Occupational Fraud and Abuse.

Modules explain the major schemes and provide relevant statistics on cost and frequency, as well as the perpetrators and victims of these crimes. Each scheme is illustrated with several real-life cases. The course clearly outlines prevention, detection and investigation strategies. Essential terms, questions, and discussion issues help students understand and retain the material. Not to be confused with forensic accounting instruction, this course is designed for a broad corporate management audience.

Based upon courseware endorsed by the Association of Certified Fraud Examiners and presented by a fully accredited Certified Fraud Examiner, this seminar provides the understanding and the tools you need to prevent and detect internal (occupational) fraud within your organization.

Course modules included

1. Skimming
2. Cash Larceny
3. Billing Schemes
4. Check Tampering
5. Expense Reimbursement Schemes
6. Register Theft Disbursement Schemes
7. Theft of Non-Cash Assets
8. Corruption and Collusion
9. Common Accounting and Transaction Fraud
10. Fraudulent Financial Statement Schemes
11. Interviewing Witnesses Overview *

To ensure that your organization will achieve early success in detecting internal fraud and abuse, attendees will receive information on 178 proactive computerized audit queries that can be performed to help uncover potential problems. Attendees will also analyze and retain 18 case studies to help them get a better real-life exposure to fraud in the workplace.

* For more information on this topic, “Interviewing Witnesses”, we recommend Advanced Interview Techniques for Investigating Internal Fraud and Abuse as a subsequent follow-on to this course.

Appropriate attendees for this seminar

• Internal fraud investigators / examiners
• Executive officers (CEO/CFO/COO...)
• Financial auditors / examiners
• Operations auditors
• Systems auditors
• Human resource managers
• Accountants
• Payroll administrators
• Accounts payable/receivable administrators
• Finance department managers
• Sales managers
• Security managers

Extensive detailed topic outline is available upon request.


2-Day Seminar
16 Continuing Professional Education Credit Hours

For currently scheduled seminars please see www.certifiedinfosec.com
+1 (888) 988-4500 (USA)
+1 (904) 406-4311

ADVANCED INTERVIEW TECHNIQUES FOR INVESTIGATING INTERNAL FRAUD AND ABUSE

Learn critical interviewing concepts and skills

Even good employees sometimes do bad things. If your organization encounters an instance of employee abuse or fraud such as misuse of company resources, theft of assets, fraudulent disbursement, or other issues, investigation of the incident will require interviewing and interrogating employees. Such interviews require special preparation, documentation, and interviewing skills in order to resolve cases of internal fraud or abuse.

What else you will learn in this two-day hands-on seminar

What are people hiding from you? Criminals, clients, customers and even colleagues may each be hiding something from you. Learn how to be more effective in asking questions and evaluating responses so you can better detect lies and uncover the truth. By enhancing your interview techniques, you will get more information, more insight and less deception from everyone you interview. Even experienced professionals will improve their interviewing skills with this renowned course.

This two-day workshop will give you the knowledge and skills you need to effectively interview and interrogate witnesses, conspirators, and perpetrators potentially involved with incidents of fraud or abuse. Set into a practical workshop format, important concepts are reinforced through your in-class analysis of real videotaped interviews from actual investigations of two cases of internal employee fraud. Concepts are further reinforced through 14 workshop case studies you will help solve in class along with other attendees.

◊ Learn how to prepare for the interview

• How do you properly establish the foundation for your investigation?
• What is the best venue and physical environment for interviewing?
• How should you plan the interview for witnesses, conspirators, and perpetrators?

◊ Know your boundaries: Legal considerations for investigating and interviewing employees

• Do you know your legal authority for conducting interviews?
• Can you use deception in interviews?
• How do you avoid breaching the employees’ rights under law?
• How do you avoid employee claims of breach of privacy, emotional distress, defamation, false imprisonment, or assault and battery?
• What about trade union protection?

◊ Understand the science of communication

• What are communication facilitators and inhibitors?
• What is the employee really saying with word choice, tone, and syntax?
• What is the employee really saying with body language from the head, face, nose, mouth, eyes, arms, shoulders, elbows, hands, legs, feet, and posture?
• What is the employee really saying with anger, boredom, frustration, and body movements?

◊ Learn how to conduct the interview

• What are 13 verbal clues of deception you need to recognize?
• What are 10 non-verbal clues of deception you need to recognize?
• What is the proper interviewing sequence and use of questioning? How do you open the interview, get good information, resolve contradictions or deceit, and close the interview?
• What is the best approach to obtaining an admission of guilt? How do you help the employee rationalize what he or she did and tell you what truly happened?

◊ Know how to report your findings

• How should your findings be presented to company insiders, attorneys, defendants & witnesses, the press, or juries?
• What is a good report structure for presenting your findings?

Prerequisite requirement

This workshop is an advanced course especially designed to help attendees investigate incidents of internal fraud or abuse, which are taught in this course’s prerequisite Corporate Fraud Prevention & Detection.


Extensive detailed topic outline is available upon request.

2-Day Seminar
16 Continuing Professional Education Credit Hours


BREAKFAST & LEARN: FRAUD RISK ASSESSMENT CHECK-UP

Since fraud can be a catastrophic risk

Attending Certified Information Security’s Fraud Risk Assessment Check-Up can save your organization from disaster. If you do not proactively identify and manage your fraud risks, they could put you out of business almost overnight. Even if you survive a major fraud, it can damage your reputation so badly that you can no longer succeed independently. Certified Information Security’s 3-hour Fraud Risk Assessment Check-Up, led by Certified Fraud Examiner Allen Keele, can pinpoint opportunities to save your organization a lot of money, embarrassment, and even help you avoid fraud-related legal compliance liability.

Fraud is an expensive drain on an organization’s financial resources. In today’s globally competitive environment, no one can afford to throw away the 6% of revenues that represents the average, and largely hidden cost of fraud. If your organization learns to prevent even only half of that average cost, what is 3% of revenues worth? A lot. If your organization is not identifying and tackling its fraud costs, it is vulnerable to competitors who lower their costs by doing so. Fraud is a common risk that should not be ignored. Fraud is now so common that its occurrence is no longer remarkable. Any entity that has failed to protect itself appropriately from fraud should expect to soon discover that it is a victim of fraud.

Participating in this Fraud Risk Assessment Check-up is an inexpensive way to find out your organization’s vulnerability to fraud, and provides a great opportunity to ask questions from a professional Certified Fraud Examiner. Most organizations score very poorly in early fraud prevention checkups because they don’t have appropriate anti-fraud controls in place. By determining this early, they have a chance to fix the problem before becoming a victim of a major fraud.

What will we get from attending this breakfast-and-learn workshop? Who should come?

This morning-session workshop facilitates collaboration between an objective, independent fraud specialist, and the people within your organization who have extensive knowledge about its operations. The value of this workshop is directly proportionate to the degree of participation by the appropriate members of your organization. Sending the right people to attend will result in immediate improvement and savings to your organization; sending the wrong people will only waste your organization’s time and resources.

Only members of the senior management team and the Board of Directors have the ultimate authority on decisions regarding what fraud risks to accept or to reduce through internal controls and prevention. Since the same senior management team and the Board are also ultimately accountable to external stakeholders such as investors and regulators for how risk of internal fraud and abuse is controlled, it is absolutely imperative that multiple senior members of management participate in this collaborative process.

So how can you help increase the awareness and understanding of fraud risk by other senior management, key department management, and even board members? How can other managers such as these make appropriate decisions regarding policy sufficiency, hiring practices, internal controls funding, or even regulatory compliance efforts if they have never participated in a professionally-led fraud risk gap assessment to determine what anti-fraud program deficiencies exist?

During this 3-hour morning session (3 CPE credits with certificate documentation), Mr. Keele will guide you and your team through a quantitative and scored assessment of your organization’s capabilities and business processes on critical fraud program elements such as:

• Fraud Risk Oversight
• Roles and responsibilities for controlling internal fraud for (recommended attendees):
  - Executive Board-Level and Officer-Level Mgmt
  - Mid-level management
  - Risk manager
  - Legal and compliance
  - Public relations
  - Employee relations / Human resources
  - Ethics director
  - Auditor
  - Fraud examiner/investigator
  - Chief security officer
• Fraud Risk Ownership
• Enterprise-Wide Fraud Risk Assessment
• Organizational Fraud Risk Tolerance and Risk-Management Policies
• Internal Controls to Prevent, Detect, or Correct Internal Fraud

Get the tools your organization’s anti-fraud unit needs.

This professional fraud risk assessment check-up will provide the direction for starting a new fraud control and investigation unit, or for improving your organization’s existing fraud capability – without additional external help! In addition to the hard-copy assessment that each attendee will complete during the session, attendees will also receive at no extra charge:

• A sample Fraud Policy Statement, which will provide the backbone of your anti-fraud capability; and
• A sample Code of Ethics and Fraud Policy, which will provide a very comprehensive template to help management express what activity is permissible, what activity is not, and how infractions shall be disciplined.

3-Hour Morning Seminar
3 Continuing Professional Education Credit Hours

THIS PAGE IS RESERVED FOR A NEW COURSE IN DEVELOPMENT

EXECUTIVE DAY ON INFORMATION SECURITY

This concise business seminar tells business leaders exactly what they need to know to make intelligent business decisions about organizational security – without ever getting lost in the technical complexities. The seminar offers realistic, step-by-step recommendations for evaluating and improving information security in any enterprise. From start to finish, the focus is on action: what works and how to get it done.

What are today’s business drivers for information security?

How do existing and emerging financial reporting laws and regulations affect how you should be changing the way you do business? How should your organization be re-structured to comply? What is your executive responsibility for governing information security?

Today, every executive must understand information security from a business perspective. Information security today is much more than IT security of yesterday. Financial reporting requirements now hold executive management and the board of directors accountable for how information security is managed throughout the organization, leading to a new comprehensive enterprise-wide approach to security management as it relates to Risk Management, Audit, Legal and Regulatory Compliance, Strategic Planning, IT and IT Security, Human Resources, Facilities and Physical Security, Change Management, Project Management, and even Business Continuity/Disaster Recovery/Emergency Response.

What else you will learn in this one-day seminar

• Understand your executive security challenges, obligations, and accountability
• Learn how to better utilize an information security steering committee to achieve convergence of information security policies and management throughout the organization
• Understand key cross-functional information security roles and responsibilities for department heads, business process owners, and information security steering committee members
• Learn how the organization can use a risk-based approach to internal controls management to reduce costs and optimize protection and compliance
• Learn how your organization can systematically identify your risks and vulnerabilities
• Learn how your organization can implement best-practice processes for access, acceptable use, training, strategy, and emergency response
• Learn how your organization can establish and monitor internal security controls according to respected international frameworks and standards such as: ISO/IEC 17799:2005; ISO/IEC 27001:2005, COBIT, ITIL
• Learn effective executive leadership, governance, and metrics
• Staffing security – Learn how to cope with a shortage of expertise
• You and your team will be performing 12 in-class gap assessments, resulting in your own custom executive summary gap assessment for your enterprise-wide information security program that clearly indicates what is most critical to initiate or improve your program, and how to best move forward in doing it throughout all departments in the organization
• Attendees will receive a course completion certificate for 8 hours of CPE credit applicable to most accounting, legal, and information security continuing professional education requirements

Appropriate attendees for this seminar

This is NOT a technical course. This is a business course informing executive and senior management what they need to know about the business drivers and requirements for information security, as well as key cross-functional information security roles and responsibilities for Board Members, Executive Management, Human Resources, Operations, Legal, Information Security Management (CISO), Technology Management, Facilities Management, and Finance.

Whether you’re a CEO, CFO, COO, CIO, a line-of-business executive, or an IT executive who needs to get colleagues up to speed, this is the non-technical, business-driven information security briefing you’ve been searching for.

Extensive detailed topic outline is available upon request.

1-Day Seminar
8 Continuing Professional Education Credit Hours

INFORMATION SECURITY MANAGER: ARCHITECTURE, PLANNING & GOVERNANCE

Information security has become more important than ever

Your organization needs to be able to protect the vital information resources your company depends upon, or it will suffer direct financial consequences of losses due to poor access control and poor data integrity maintenance. Protecting your information has also become less of a choice in light of rapidly changing legal compliance requirements for financial institutions, telecommunications companies, insurance organizations, energy companies, and even public utilities. Failing to prepare properly to comply with the security requirements of many new information security related laws could mean a costly remediation later, or could even potentially limit your organization’s ability to continue to compete.

What else you will learn in this three-day seminar

Information security is now much more than simply protecting your information technology and equipment against disruptive incidents such as viruses, worms, and equipment outages. Today, fully robust information security governance must be integrated throughout the enterprise to support legal compliance audits, well-managed access control, prevention and detection of internal fraud and abuse, business continuity, disaster recovery, physical security, and even service contracts with customers. Business processes often need to be re-engineered to avoid or minimize risk, and internal controls need to be well planned, implemented, and maintained.

The first step toward creating or maintaining such a robust information security governance program is to identify and address the skills/knowledge gap that prohibits your organization from effectively achieving its business goals and objectives. Closely mapping to the task requirements appropriate for a Certified Information Security Manager as defined by the Information Systems Audit and Control Association®, this course provides a comprehensive and advanced foundation of knowledge which includes:

• Information Security Governance
• Risk Management
• Information Security Program Management
• Information Technology Deployment Risks
• IT Management Risks
• IT Networks and Telecommunications Risks
• Integrating Information Security into Business Continuity, Disaster Recovery, & Incident Response
• Legal Issues

You and your team will be performing 12 in-class gap assessments, resulting in your own custom executive summary gap assessment for your enterprise-wide information security program that clearly indicates what is most critical to initiate or improve your program, and how to best move forward in doing it throughout all departments in the organization.

Appropriate attendees for this seminar

• Information security managers
• Chief Information Officer (CIO / CISO)
• Compliance officer
• Revenue protection manager
• Business continuity planners, coordinators, and team members
• IT managers; IT administrators
• Risk managers
• Facilities managers
• Department heads
• IT/Systems auditors

Extensive detailed topic outline is available upon request.

3-Day Seminar
24 Continuing Professional Education Credit Hours

PLANNING & IMPLEMENTING INFORMATION SECURITY ACCORDING TO ISO 17799 / ISO 27001

Where do you stand in complying with this international standard?

Citigroup, U.S. Federal Reserve Bank, United Nations, and World Bank are among those that have already been certified.

Companies operating in the financial services sector can especially expect questions from customers and prospective customers about ISO security certification. Other companies which have already passed official certification according to Standard ISO 17799 – ISO/IEC 27001:2005 include CANON, Fuji Xerox, Hitachi, Fujitsu, Mitsubishi Electric, NEC, Sony, Toshiba, U.S. Federal Reserve Bank of New York, Telecom Italia, Japan Telecom, divisions of Siemens, British Telecom, T-Mobile, Ericsson, Samsung, Hyundai, and Vodafone.

What else you will learn in this three-day seminar

Information Security has become more important than ever for organizations like yours, and for your customers. Your organization needs to be able to protect the vital information resources your company depends upon, or it will suffer direct financial consequences of losses due to poor access control and poor data integrity maintenance. Many countries around the world are enacting privacy legislation that radically affects the way your organization can do business in a global marketplace. Complying with the security requirements of many new information security related laws is imperative to today’s information security governance.

Even if your organization is not regulated directly by these laws, you may find that your clients are. The need to govern, implement, and prove sound information security is now simply a fact of doing business. Although information security has often been an ad hoc function in the past, the majority of organizations today are building and maintaining a true formalized information security governance program according to globally recognized standards such as ISO/IEC 17799 and ISO/IEC 27001.

Exploring the use of ISO/IEC 27001, the single global standard for information security best practice, this course provides critical information for understanding the business drivers for information security, as well as the core concepts for planning and implementing information security according to the internationally accepted best practices.

Topics covered include:

• Developing an Information Security Management System program
• Project managing a successful ISO 27001 internal controls implementation
• Core ISO 27001 best practices relating to:
  - Information security policy and scope
  - Risk assessment and Statement of Applicability
  - External party controls
  - Asset management
  - Human Resources security
  - Physical and environmental security
  - Equipment security
  - Communications and operations management
  - Malicious software controls
  - Network security management and media handling
  - Exchange of information
  - Electronic commerce, e-mail and internet security
  - General, network, operating system, and application access control
  - Systems acquisition, development and maintenance
  - Cryptographic controls
  - Development and support process security
  - Monitoring of information security and incident management
  - Business continuity management
  - Compliance
• Preparing for an ISO/IEC 27001 audit
• You and your team will be performing 12 in-class gap assessments, resulting in your own custom executive summary gap assessment for your enterprise-wide information security program that clearly indicates what is most critical to initiate or improve your program, and how to best move forward in doing it throughout all departments in the organization.

Appropriate attendees for this seminar

• Information security managers
• Chief Information Officer (CIO / CISO)
• Compliance officer
• Revenue protection manager
• IT managers; IT administrators
• Risk managers
• Facilities managers
• Department heads
• IT/Systems auditors

Extensive detailed topic outline is available upon request.

3-Day Seminar
24 Continuing Professional Education Credit Hours

A RISK-BASED APPROACH TO AUDITING & IMPLEMENTING INTERNAL CONTROLS

For the new age of corporate governance, legal compliance, and internal auditing

What else you will learn in this three-day seminar

Learn how to comply with new information security laws and standards•

Learn how IT audits support financial audit•Learn about legal and ethical issues facing IT auditors•Learn how to identify and assess risk from the system auditor’s perspective•

General IT risks and controls ŘIT deployment and IT management risks ŘNetworking and telecommunications risks Ř

A student version of ACL software (Computer Assisted Auditing Tool) is included with this course Ř

Learn how to use computer-assisted audit tools and techniques to make the IS audit go faster, while •improving the quality of the audit

Learn how to conduct the IT audit using a risk-based audit approach•

Learn about implementing the complete IS audit lifecycle, including planning, risk assessment, Řevidence collection, audit opinions, and follow-upGet an overview of AICPA SAS standards 94 and 70 ŘGet an overview of COBIT and how to use it to structure an IS audit Ř

Learn about fraud and forensic auditing•

Many companies now rely quite heavily upon using automated technology for processing a variety of transactions, and for reporting information. Because of this, financial auditors are now forced to consider and test technology in their financial audits. Matter of fact, the Corporate and Auditing Accountability, Responsibility, and Transparency Act of 2002 (Sarbanes-Oxley Act) in the United States even requires it. This course will give you a basic understanding of how formal IT audits such as ISO 17799/27001; SAS 94, SAS 70, and Multi-Lateral Instrument 52-109 audits affect your business and your relationships with your service organization vendors.

INFORMATI

ON

SECURITY

Appropriate attendees for this seminar

11Extensive detailed topic outline is available upon request.

Financial auditors•Operations auditors•Executive managers•Operations managers•Information security managers •IT/Systems auditors•Chief Information Officer (CIO / CISO) •Compliance officer •Service organization & contract managers•Revenue protection managers•Business continuity planners, coordinators, and team members •IT managers •Risk managers •Business process owners (department heads) •

The techniques in this class are intended to be of interest to IS auditors and financial auditors alike, audit managers, audit committee members, senior managers in charge of critical computing systems, as well as senior executives and board members.

3-Day Seminar

24 Continuing Professional Education Credit Hours

For currently scheduled seminars please see www.certifiedinfosec.com

+1 (888) 988-4500 (USA)
+1 (904) 406-4311

Your revenues are important

Without them, your organization cannot continue to exist. Anything that could significantly interrupt your revenues or business processes must be quickly and appropriately managed. How well you respond to potential business interruptions is almost entirely dependent upon how well you planned for them. You need to be sure that appropriate response resources, capabilities, and procedures are in place to minimize the financial and human impact of significant potential business disruptions.

What else you will learn in this seminar

Stop wasting money by overspending on some controls, while risking far too much by not investing in others. Even after investing in a new business process or product, continual re-assessment needs to occur to make sure the process or product warrants further investment. This is just good business sense. We will teach you and your management team how to apply a professional risk-based approach to appropriate spending on business continuity and disaster recovery capabilities.

The goal of business continuity and disaster recovery planning is to have the right answers to questions including:

• What would we lose?
• What if our power went down?
• What if our facilities flooded?
• What if our information and processing were attacked and compromised by a hacker?
• What if critical documents and records are stolen?
• What if we inadvertently break a new international privacy law?
• What if key management personnel are unavailable?
• How would we continue to service our customers?
• How long can our business survive if it is not operational?
• How would we protect the safety and well-being of our employees?
• How can we minimize the losses of a disaster or disruptive event?
• How would our reputation be affected by failing to respond to a disaster or attack with speed and efficiency?
• Will our disaster recovery efforts be reported favorably by the media?

A RISK-BASED APPROACH TO BUSINESS CONTINUITY & DISASTER RECOVERY PLANNING


• Project Initiation and Management
• Risk Evaluation and Control
• Business Impact Analysis
• Developing Continuity Strategies
• Emergency Response and Operations
• Developing and Implementing the Business Continuity Plan
• Business Continuity/Disaster Recovery Awareness and Training
• Maintaining and Testing the Business Continuity Plan and Disaster Recovery Plan
• Business Continuity/Disaster Recovery Standards and Guidelines

Learn the foundation of setting up and maintaining a solid business continuity and disaster recovery program.

Seasoned professionals, as well as those new to the BCM role, will appreciate the real-life practical tone of this course. This course provides you with the forms, templates, examples, and sample contracts you need to be able to effectively manage a professional on-going business continuity and disaster recovery program.

BUSINESS CONTINUITY & DISASTER RECOVERY

Extensive detailed topic outline is available upon request.

Appropriate attendees for this seminar

• Executive managers (CEO/CFO/ISO) (Critical)
• Business continuity and disaster recovery team leaders (Critical)
• Information security steering committee members and team leaders (Critical)
• Human resource managers (Critical)
• IT security managers (Critical)
• Network managers, administrators, and technicians (Critical)
• Database administrators (Critical)
• Facilities managers (Important)
• Risk managers (Important)
• Accounting / finance / payroll managers (Important)
• Public relations manager (Important)

2-Day Seminar

16 Continuing Professional Education Credit Hours


BUSINESS CONTINUITY / DISASTER RECOVERY GAP ASSESSMENT

Find the starting point for improving your business continuity and disaster recovery program

Chances are, you have some business continuity and disaster recovery planning in place, but it needs to be improved or even re-structured entirely. How do you know where to start making improvements? You need to perform a gap assessment to see where your organization stands with its business continuity and disaster recovery capabilities today. After previously completing our two-day course, A Risk-Based Approach to Business Continuity and Disaster Recovery Planning, you will already know what should be done to best protect your revenues against potential business disruptions and disasters. This additional one-day seminar will teach you how to efficiently perform a gap assessment to clearly determine what needs to be improved, and in what sequence.

What else you will learn in this one-day seminar

Learn the foundation of evaluating and measuring the effectiveness and management of your Business Continuity Management program. Learn the core best practices for:

• Understanding how business continuity management compares to business continuity gap assessment
• How to formulate the framework and scope of a Business Continuity Management (BCM) gap assessment
• Knowing how to write a clear and concise gap assessment program that management and other stakeholders will understand and buy into
• Understanding how to schedule the review, estimate audit time and effort, and to streamline the gap assessment
• Understanding the challenges in reviewing complex processes, and in interacting with a wide range of managerial and technical interviewees
• Understanding the challenges of auditing BCM of processes you do not understand yourself
• Understanding how to analyze information collected to arrive at a well-founded audit opinion
• Learning to avoid time-consuming detail when reviewing the BCM process
• Learning how BCM gap assessment reports are structured
• Using review reporting samples and templates
• Learn to use a complete Standardized Gap Assessment Program (151 pages) for your gap assessment audit efforts. A complete template copy of the 151 page gap assessment program is included with this course

Appropriate attendees for this seminar

• Executive managers (CEO/CFO/ISO) (Critical)
• Business continuity and disaster recovery team leaders (Critical)
• Information security steering committee members and team leaders (Critical)
• Human resource managers (Critical)
• IT security managers (Critical)
• Network managers, administrators, and technicians (Critical)
• Database administrators (Critical)
• Facilities managers (Important)
• Risk managers (Important)
• Accounting / finance / payroll managers (Important)
• Public relations manager (Important)

Extensive detailed topic outline is available upon request.

Prerequisite requirement

This course teaches you and your management team how to properly assess your existing program against the concepts taught in A Risk-Based Approach to Business Continuity and Disaster Recovery Planning, which is a prerequisite for this course.

1-Day Seminar

8 Continuing Professional Education Credit Hours

