Technology Risk Management for Non-IT Professionals
Technology risk management extends beyond cyber risk management and focuses more upon operational factors that can impact upon an organizations’ technology function. Of major importance to external auditors, information technology general control effectiveness (ITGC’s) impacts heavily upon your organization in terms of time and cost.
Where ITGC’s are found to be deficient, or where a cyber attack has successfully breached perimeter defences, your next statutory external audit and those in following periods, will take considerably longer due to a greater degree of examination of control design, applicability and operation by auditors. The costs of prolonged ITGC and associated technology risk controls can be considerable and not limited to purely the next audit period.
CyberEx has developed a technology risk management programme to complement our cyber risk awareness and cyber risk management training modules. In many instances, IT is viewed within divisions and departments are being a separate entity, with stand-alone policies and procedures beyond those applying to other operations.
With our technology risk management training programme, a broader personnel profile group can gain valuable and crucial knowledge and skills in understanding the full implications of technology operations. As certified ISO27002 auditors and GDPR practitioners, we have widespread expertise in understanding technology operations and organizational issues. Our technology risk management module is taught in a standard presentation format and may be added to our other core programme modules according to your organization’s needs.
TechRisk Course Curriculum
- Organisational Factors
- IT Governance
- Risk Assessment Fundamentals
- Top-Down Methodology
- Threat Vector Mapping
- Risk Controls – Types; Design; Assessment, Auditing
- Control Testing Techniques – Walk-thru; Sampling; Timing; Prioritisation
- IT Environment – Program Change, SoD; SDLC; Access
- Entity Testing; Risk Management Effectiveness
- Reflection on Learning