Certified Data Centre Risk Professional - CDRP® (exam included) - Course Language: English

Risk management is the process of identifying vulnerabilities and associated threats, followed by estimating the level of risk and its impact on the organisation. Based on international standards (ISO/IEC27001) and guidelines (ISO/IEC 27005, NIST800-30, ISO/IEC 31000), the Certified Data Centre Risk Professional course is a two-day course designed to expose attendants to the overall risk management process.Focus is on the data centre infrastructure, the physical data centre facility and equipment. The attendant will learn how to identify and quantify risk in their organisation, creating the ability to reduce the risk to a level acceptable for the organisation to allow them to make sound investment decisions based on facts rather than emotions. CDRP® is a must for every organisation that wants to manage their risk without over spending.After completion of the course the participant will be able to:Understand the different standards and methodologies for risk management and assessmentEstablish the required project team for risk managementPerform the risk assessment, identifying current threats, vulnerabilities and the potential impact based on customised threat cataloguesReport on the current risk level of the data centre both quantitative and qualitativeAnticipate and minimise potential financial impacts Understand the options for handling riskContinuously monitor and review the status of risk present in the data centreReduce the frequency and magnitude of incidentsDetect and respond to events when they occurMeet regulatory and compliance requirementsSupport certification processes such as ISO/IEC 27001Support overall corporate and IT governanceInhalteIntroduction to Risk ManagementRisk management conceptsSenior management and riskEnterprise Risk Management (ERM)Benefits of risk managementData Centre Risk and ImpactRisk in facility, power, cooling, fire suppression, infrastructure and IT servicesImpact of data centre downtimeMain causes of downtimeCost factors in downtimeStandards, Guidelines and MethodologiesISO/IEC 27001:2013, ISO/IEC 27005:2011,ISO/IEC 27002:2013NIST SP 800-30ISO/IEC 31000:2009SS507:2008ANSI/TIA-942Other methodologies (CRAMM, EBIOS, OCTAVE, etc.)Risk Management DefinitionsAssetAvailability/Confidentiality/IntegrityControlInformation processing facilityInformation securityPolicyRiskRisk analysis/Risk assessment/Risk evaluation/Risk treatmentThreat/VulnerabilityTypes of riskRisk Assessment SoftwareThe need for softwareAutomationConsiderationsRisk Management ProcessThe risk management processEstablishing the contextIdentificationAnalysisEvaluationTreatmentCommunication and consultationMonitoring and reviewProject ApproachProject management principlesProject management methodsScopeTimeCostCost estimate methodsContext EstablishmentGeneral considerationsRisk evaluation, impact and acceptance criteriaSeverity rating of impactOccurrence rating of probabilityScope and boundariesScope constraintsRoles & responsibilitiesTraining, awareness and competenceRisk Assessment - IdentificationThe risk assessment processIdentification of assetsIdentification of threatsIdentification of existing controlsIdentification of vulnerabilitiesIdentification of consequencesHands-on exercise: Identification of assets, threats, existing controls, vulnerabilities and consequencesRisk Assessment - Analysis and EvaluationRisk estimationRisk estimation methodologiesAssessment of consequencesAssessment of incident likelihoodLevel of risk estimationRisk evaluationHands-on exercise: Assessment of consequences,probability and estimating level of riskRisk TreatmentThe risk treatment process stepsRisk Treatment Plan (RTP)Risk modificationRisk retentionRisk avoidanceRisk sharingConstraints in risk modificationControl categoriesControl examplesCost-benefit analysisControl implementationResidual riskCommunicationEffective communication of risk management activitiesBenefits and concerns of communicationRisk Monitoring and ReviewOngoing monitoring and reviewCriteria for reviewRisk scenariosRisk assessment approachData centre site selectionData centre facilityCloud computingUPS scenariosForce majeureOrganisational shortcomingsHuman failureTechnical failureDeliberate actsExamSample questionsSelf study (time permitted)Exam: Certified Data Centre Risk Professional