Risk Program Development - Governance and Appetite Workshop
In this course, students learn how to construct a risk management program within the three fundamental pillars of governance, appetite, and policy. Specifically, the course teaches students how best to structure decision-makers in the organization so that they gain the risk information they need to be more effective. Students also learn how to quantitatively communicate their expectation for risk response through a documented risk appetite. Finally, students learn tips and tricks for structuring policy and procedure for program execution. This course uses the latest model in the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE): the Facilitated process for managing Operational Risks Tailored for the Enterprise (FORTE). OCTAVE FORTE helps your organization assess its technical risks and build an enterprise risk management (ERM) program using a process that spans the entire risk management lifecycle from identification through closure. The course concludes with a workshop in which students develop their own assets, including a model for their risk governance structure, a risk appetite statement, and a draft risk management program policy.
Audience
This course is targeted to executives, managers, and technical staff who play a decision-making role in the enterprise. This may include members of the following functions:
- Security
- Information security
- Information systems
- Strategy
- Risk management
- Operations
Objectives
At the completion of the course, learners will be able to draft and publish a complete policy and procedure that informs an organization on how to conduct proper risk management. This may be specifically tailored for a cyber risk management program or elevated to an enterprise risk management related policy that addresses all risks in an organization in a consistent and standardized manner.
Topics
- Fundamental Principles of Risk Management
- Establishing a program for risk-based decision making
- Governance structure
- Risk appetite development and application
- Policy and procedure development
Materials
Course materials include slides and templates utilized for policy and tool development.
Prerequisites
Before registering for this course, it is recommended that students understand and list the strategic objectives for their organization. If these are confidential or listing them is not practical, the course will provide example use cases for applying the tools.
Course Fees in USD
- Govt/Academic $1,200
- Industry $1,500
- International $2,250
Schedule
This 2-day course meets at the following times:
Days 1-2, 8:30 a.m. - 4:30 p.m. Eastern Time
This course may be offered by special arrangement at customer sites. For details, please email course-info@sei.cmu.edu or call +1 412-268-1817.
IMPORTANT NOTICE:
Carnegie Mellon University/Software Engineering Institute offices will be closed for winter break, December 21, 2024-January 1, 2025. SEI course registrations received during this period will be confirmed and enrollment completed upon our return on January 2, 2025.
Course Questions?
Email: course-info@sei.cmu.edu
Phone: 412-268-7388
Training courses provided by the SEI are not academic courses for academic credit toward a degree. Any certificates provided are evidence of the completion of the courses and are not official academic credentials. For more information about SEI training courses, see Registration Terms and Conditions and Confidentiality of Course Records.