Certified Datacenter Risk Professional (CDRP)
Startdaten und Startorte
Beschreibung
Introducton
Datacenters are at the core of many organizations. Downtime, of applications or the data center itself, could lead to major direct and indirect losses to the business. This has led many organizations to build resilience at various levels such as at the datacenter infrastructure and at the ICT layer. Fact is
though that most companies are either over- or under spending due to the fact that many organizations have not been able to answer basic questions such as what is the cost of downtime being it per application and/or the datacenter itself.
Without knowing the cost of downtime it would be impossible to determine what level of investment is justified to mitigate the risks of dow…
Frequently asked questions
Es wurden noch keine FAQ hinterlegt. Falls Sie Fragen haben oder Unterstützung benötigen, kontaktieren Sie unseren Kundenservice. Wir helfen gerne weiter!
Introducton
Datacenters are at the core of many organizations. Downtime, of
applications or the data center itself, could lead to major direct
and indirect losses to the business. This has led many
organizations to build resilience at various levels such as at the
datacenter infrastructure and at the ICT layer. Fact is
though that most companies are either over- or under spending due
to the fact that many organizations have not been able to answer
basic questions such as what is the cost of downtime being it per
application and/or the datacenter itself.
Without knowing the cost of downtime it would be impossible to determine what level of investment is justified to mitigate the risks of downtime. This has led to the fact that many datacenters have been built at potentially a Tier-4 level as per the ANSI/TIA-942, where, as from a business perspective, a Tier-3 level would have been enough.
Risk management is the process to identify vulnerabilities and associated threats, to be followed by estimating the level of risk that they may face and how they might impact the organization if these risks were to emerge. Based on international standards (ISO/IEC27001:2005) and guidelines (ISO/IEC 27005:2011, NIST 800-30, ISO/IEC 31000/31010), CDRP (Certified Data Centre Risk Professional) is a course designed to expose attendants to the overall risk management process.
Focus is on both the datacenter infrastructure and the physical
data center facility and equipment; the attendant will learn how to
identify and quantify risk in their organization, creating the
ability to reduce the risk to a level acceptable for the
organization to allow them to make sound investment
decisions based on facts rather than emotions. CDRP is a must for
every organization that wants to manage their risk without over
spending.
Target Audience
The primary audience for this course is an IT, Facilities or
Datacentere Operations professional working in and around the data
center (representing both end-customers and/or service
provider/facilitators) and having responsibility to achieve and
improve hi-availability and manageability of the Datacenter,
such as: Data center managers, Operations / Floor / Facility
managers, IT managers, Information security managers, Security
professionals, Auditors / Risk Managers / Professionals responsible
for IT/corporate governance.
Foreknowledge
While there are no specific requirements for this course, participants with at least three years of actual experience in datacenter and/or IT infrastructures is recommended. This experience may come from a business or IT background but it is believed that the candidate has knowledge of both environments, understanding the mission of their organization.
Goal
Understand the different standards and methodologies for risk
management and assessment
Establish the required project team for risk management
Perform the risk assessment identifying current
threats,vulnerabilities and the potential impact based on
customized threat catalogues
Report on the current risk level of the data centre both
quantitative and qualitative
Anticipate and minimizing potential financial impacts
Understand the options for handling risk
Continuously monitor and review the status of datacenter risk
present
Reduce the frequency and magnitude of incidents
Detect and respond to events when they occur
Meet regulatory and compliance requirements
Support certification processes such as ISO/IEC 27001:2005
Support overall corporate and IT governance
Subjects
- Introduction to Risk Management
- Risk management concepts
- Managements′ concern
- Enterprise Risk Management (ERM)
- Information technology risk and the business
- Information security risk management
- Datacenter risk
- Benefits of risk management
- Standards, Guidelines and Methodologies
- ISO/IEC 27001:2005, ISO/IEC 27005:2011,
- ISO/IEC 27002:2007
- ISO/IEC 27005 in relation to ISO/IEC 27001 ISMS
- NIST SP 800-30
- ISO/IEC 31000:2009
- SS507:2008
- TIA/ANSI-942
- Other methodologies (CRAMM, EBIOS, OCTAVE, etc.)
- Risk Management Definitions
- Asset
- Availability / Confidentiality / Integrity
- Control
- Information processing facility
- Information security
- Policy
- Risk
- Risk analysis / Risk assessment / Risk evaluation
- Risk treatment
- Threat / Vulnerability
- Types of risk
- Risk Assessment Software
- Risk assessment software
- Automation
- Considerations
- Vendor selection
- Risk Management Process
- The risk management process
- Establishing the context
- Identification
- Analysis
- Evaluation
- Treatment
- Communicate and consultation
- Monitoring and review
- Project Approach
- Project management principles
- Project management methods
- Scope
- Time
- Cost
- Roles and responsibilities
- Context Establishment
- General considerations
- Basic criteria
- Risk appetite vs. risk tolerance
- Scope and boundaries
- Scope constraints
- Organization for risk management
- Training, awareness and competence
- Risk Assessment - Identication
- The risk assessment process
- Identification of assets
- Identification of threats
- Identification of existing controls
- Identification of vulnerabilities
- Identification of consequences
- Hands-on exercise: Identification of assets, threats,
- existing controls, vulnerabilities and consequences
- Risk Assessment - Analysis and Evaluation
- Risk estimation
- Risk estimation methodologies
- Assessment of consequences
- Assessment of incident likelihood
- Level of risk estimation
- Risk evaluation
- Hands-on exercise: Assessment of consequences,
- likelihood and estimating level of risk
- Risk Treatment
- The risk treatment process
- Residual risk
- Risk reduction
- Constraints in risk reduction
- Risk retention
- Risk avoidance
- Risk transfer
- Control categories
- Cost-benefit analysis
- Control implementation
- Communication
- E‑effective communication of risk management activities
- Risk Monitoring and Review
- Ongoing monitoring and review
- Criteria for review
- Risk scenario′s
- Risk assessment approach
- Datacenter site and facility
- Force majeure
- Organizational shortcomings
- Human failure
- Technical failure
- Deliberate acts
- Exam
- Sample questions
- Self study (time permitted)
- Exam: Certified Datacenter Risk Professional
Werden Sie über neue Bewertungen benachrichtigt
Schreiben Sie eine Bewertung
Haben Sie Erfahrung mit diesem Kurs? Schreiben Sie jetzt eine Bewertung und helfen Sie Anderen dabei die richtige Weiterbildung zu wählen. Als Dankeschön spenden wir € 1,00 an Stiftung Edukans.Es wurden noch keine FAQ hinterlegt. Falls Sie Fragen haben oder Unterstützung benötigen, kontaktieren Sie unseren Kundenservice. Wir helfen gerne weiter!