Topic | Name | Description |
---|---|---|
Readings & Learning Resources |
|
Expected Learning Outcomes | Expected Outcomes: By taking this course you will be able to:
Major topics, Syllabus: Risk Management Planning
Risk Identification
Analysis
Response Development
Risk Monitoring and Control
Relevant Standards and Guides: |
1 Introduction | Learning Resources | 1- Risk Management Guide for IT Systems - NIST 2- Managing Risk and Information Security - (Protect to Enable) |
2 Guiding Principles | a Risk Mgmt Guide Australia-New Zealand | This guide reflects the changes to the financial management legislation in Queensland, as well as the release of a new Australia/New Zealand risk management standard. The term Agency is synonymous with Organization. Important resources: Queensland Business (IT risk mgmt.) Purpose of the Guide: To create an RM Plan you need to follow the guidance of: 1- RM Standards (ISO): we rely on accredited international standards. 2- Best Practices: we benefit from the practices of others. 3- Lessons Learned: the lessons and insights from previous personal experience. |
ASYCUDA | Sample Source. Automated SYstem for CUstoms DAta |
Lectures & Zoom Meetings | Use Excel to create risk matrix By Alvin 1- Risk Mgmt. Process. Introducing The Guiding Principles for Risk Mgmt. Australia & New Zealand .. 3- The Guiding Principles: Purpose, Scope, Terminologies (Application Guide-1) 4- Risk & Risk Mgmt. Strategic and Operational Risk, Effective Risk Mgmt. System 5- RM Framework .. The Framework
Zoom link The RM PowerPoint Presentation Steps ASYCUDA Zoom Link .. Establishing the Context The 1st step in RM Process Zoom Link Establishing Company/Business Profile (Risk Appetite & Risk Tolerance) Zoom Link Risk Identification 16- Risk Mgmt Process - Risk Analysis -- Abrar 17- Risk Mgmt Process - Risk Evaluation -- Abrar
18- Risk Mgmt. Process & Risk Mgmt. Plan Review 19 - Risk Mgmt within the Organizational Context ... Internal & External Environment Factors |
3 Rational Decision | Rational Decision Making Model: 7 Easy Steps | Rational Decision Making Model: Posted by: Lucid Content Team
Robert Frost wrote, “Two roads diverged in a wood, and I—I took the one less traveled by, and that has made all the difference.” But unfortunately, not every decision is as simple as “Let’s just take this path and see where it goes,” especially when you’re making a decision related to your business. Whether you manage a small team or are at the head of a large corporation, your success and the success of your company depend on you making the right decisions—and learning from the wrong decisions. Use these decision-making process steps to help you make more profitable decisions. You'll be able to better prevent hasty decision-making and make more educated decisions when you put a formal decision-making process in place.
Defining the business decision-making process: The business decision-making process is a step-by-step process allowing professionals to solve problems by weighing evidence, examining alternatives, and choosing a path from there. This defined process also provides an opportunity, at the end, to review whether the decision was the right one.
7 decision-making process steps: Though there are many slight variations of the decision-making framework floating around on the Internet, in business textbooks, and in leadership presentations, professionals most commonly use these seven steps.
1. Identify the decision: To make a decision, you must first identify the problem you need to solve or the question you need to answer. Clearly define your decision. If you misidentify the problem to solve, or if the problem you’ve chosen is too broad, you’ll knock the decision train off the track before it even leaves the station. If you need to achieve a specific goal from your decision, make it measurable and timely so you know for certain that you met the goal at the end of the process.
2. Gather relevant information: Once you have identified your decision, it’s time to gather the information relevant to that choice. Do an internal assessment, seeing where your organization has succeeded and failed in areas related to your decision. Also, seek information from external sources, including studies, market research, and, in some cases, evaluation from paid consultants. Beware: you can easily become bogged down by too much information—facts and statistics that seem applicable to your situation might only complicate the process.
3. Identify the alternatives: With relevant information now at your fingertips, identify possible solutions to your problem. There is usually more than one option to consider when trying to meet a goal—for example, if your company is trying to gain more engagement on social media, your alternatives could include paid social advertisements, a change in your organic social media strategy, or a combination of the two.
4. Weigh the evidence: Once you have identified multiple alternatives, weigh the evidence for or against said alternatives. See what companies have done in the past to succeed in these areas, and take a good hard look at your own organization’s wins and losses. Identify potential pitfalls for each of your alternatives, and weigh those against the possible rewards.
5. Choose among alternatives: Here is the part of the decision-making process where you, you know, make the decision. Hopefully, you’ve identified and clarified what decision needs to be made, gathered all relevant information, and developed and considered the potential paths to take. You are perfectly prepared to choose.
6. Take action: Once you’ve made your decision, act on it! Develop a plan to make your decision tangible and achievable. Develop a project plan related to your decision, and then set the team loose on their tasks once the plan is in place.
7. Review your decision: After a predetermined amount of time—which you defined in step one of the decision-making process—take an honest look back at your decision. Did you solve the problem? Did you answer the question? Did you meet your goals? If so, take note of what worked for future reference. If not, learn from your mistakes as you begin the decision-making process again.
Tools for better decision-making (Decision Tree): Depending on the decision, you might want to weigh evidence using a decision tree. The example below shows a company trying to determine whether to perform market testing before a product launch. The different branches record the probability of success and estimated payout so the company can see which option will bring in more revenue. A decision matrix is another tool that can help you evaluate your options and make better decisions. Learn how to make a decision matrix and get started quickly with the template below. You can also create a classic pros-and-cons list, and clearly highlight whether your options meet necessary criteria or whether they pose too high of a risk. With these 7 steps we've outlined, plus some tools to get you started, you will be able to make more informed decisions faster. |
Learning Resources & Zoom Meetings Rational Decisions | 1- Irrational Decisions 2- Rational Decision Making Model - Decisions based on the consequences. - Decisions based on the appropriateness. 1- Rational DM - 2- 3- |
4 IT Risk Mgmt | Managing & Reducing IT Risk | What is Information Technology risk? If your business relies on information technology (IT) systems such as computers and networks for key business activities, you need to be aware of the range and nature of risks to those systems.
Probability * Consequence = Risk
Looking at the nature of risks, it is possible to differentiate between:
* Physical threats - resulting from physical access or damage to IT resources such as the servers. These could include theft, damage from fire or flood, or unauthorized access to confidential data by an employee or outsider.
* Electronic threats - aiming to compromise your business information - e.g. a hacker could get access to your website, your IT system could become infected by a computer virus, or you could fall victim to a fraudulent email or website. These are commonly of a criminal nature.
* Technical failures - such as software bugs, a computer crash or the complete failure of a computer component. A technical failure can be catastrophic if, for example, you cannot retrieve data on a failed hard drive and no backup copy is available.
* Infrastructure failures - such as the loss of your internet connection can interrupt your business - e.g. you could miss an important purchase order.
* Human error - is a major threat - e.g. someone might accidentally delete important data, or fail to follow security procedures properly.
Another classification of types of IT risks:
1- Viruses: a type of malicious code or program written to alter the way a computer operates and designed to spread from one computer to another.
2- Malware: any software intentionally designed to cause damage to a computer, server, client, or computer network.
3- Hardware failure: a malfunction within the electronic circuits or electromechanical components (disks, tapes) of a computer system.
4- Software failure: a failure that occurs when the user perceives that the software has ceased to deliver the expected result with respect to the specification input values.
5- Hackers: people who illegally break into computer systems.
6- Natural disasters: such as fire, cyclone and floods also present risks to IT systems, data and infrastructure. Damage to buildings and computer hardware can result in loss or corruption of customer records/transactions.
7- Fraud: using a computer to alter data for illegal benefit.
8- Security breaches: any incident that results in unauthorized access to computer data, applications, networks or devices. It results in information being accessed without authorization. Typically, it occurs when an intruder is able to bypass security mechanisms. This includes physical break-ins as well as online intrusion.
Intentional & Unintentional Risk
Strategic Risk: Risk that affects the achievement of the organization's main strategic and long-term objectives: reputation, customer relations, quality, organizational culture, competition.
Operational Risk: Network risk, intruder risk, hackers, virus attacks, accidental deletion, hard disk, program freezes.
General IT Threats: General threats to IT systems and data include:
Read more about email scams, viruses, hackers, and other IT threats.
Criminal IT Threats: Specific or targeted criminal threats to IT systems and data include:
Read more about online crimes against business. Learn more about protecting your website from hackers.
Natural Disasters and IT Systems: Natural disasters such as fire, cyclone and floods also present risks to IT systems, data and infrastructure. Damage to buildings and computer hardware can result in loss or corruption of customer records/transactions. Read more about preparing for and recovering from natural disasters and business continuity planning.
Managing information technology risks: Managing information technology (IT) risks is a structured process that involves a series of activities designed to:
A comprehensive approach to risk management used by Australian emergency management agencies is based on the prevention, preparedness, response and recovery (PPRR) model.
Legal Requirements: As a first step in managing IT risks, you should be aware of the legal and legislative requirements for business owners, such as: the Spam Act 2003 (Cwlth), the Electronic Transactions (Qld) Act 2001 and privacy laws. Read more about legal obligations for online business.
IT Risk Assessment: An effective IT risk assessment identifies serious risks, based on the probability that the risk will occur, and the costs of business impacts and recovery. To complete your IT risk assessment, identify risks to your business and perform a business impact analysis.
Business Continuity Planning (ensuring the continuity of work in the organization): Having identified risks and likely business impacts, the development of a business continuity plan can help your business survive and recover from an IT crisis. A business continuity plan identifies critical business activities, risks, response plans and recovery procedures. Read more about business continuity planning, and download our business continuity plan template.
IT Risk management policies and procedures: IT policies and procedures explain to staff, contractors and customers the importance of managing IT risks and may form part of your risk management and business continuity plans. Security policies and procedures can assist your staff training on issues such as:
A code of conduct can provide staff and customers with clear direction and define acceptable behaviours in relation to key IT issues, such as protection of privacy and ethical conduct. Learn more about staff training.
Reducing information technology risks: Threats and risks to information technology (IT) systems and data are an everyday reality for most modern businesses. You should put in place measures to protect your systems and data against theft and hackers.
Practical steps to improve IT security: To help protect your IT systems and data you should:
Read more about protecting IT data and systems.
Create a secure online presence: If your business has an online presence, you should assess the security of your website, email accounts, online banking accounts and social media profiles. For example, Secure Sockets Layer (SSL) technology is used to encrypt transaction data and to send customer and card details to the acquiring bank for authorisation. You should ensure any web hosting solution you consider is capable of supporting the SSL protocol.
Induction and IT training for staff: Training new and existing staff in your IT policies, procedures and codes of conduct is an important component of IT risk management strategies. Training can cover key business processes and policies, such as:
As an employer you have legal obligations when training staff. Providing support and training for new employees is a critical aspect of staff training. Read more about staff inductions and staff training.
Business insurance: It is impossible for a business to prevent or avoid all IT risks and threats. This makes business insurance an essential part of IT risk management and recovery planning. You should regularly review and update your insurance, especially in light of new or emerging IT risks, such as the increasing use of personal mobile devices for workplace activities. Learn more about choosing the right business insurance.
|
Responding to IT Incidents | An IT incident can be confined to the IT components of your business, such as a Denial of Service (DoS) attack that targets your business. An IT incident can also be part of a wider business crisis, such as widespread damage to networks due to natural disasters. Your IT risk management plan and business continuity plan should include:
IT incident response plans: IT incident response plans identify principal IT risks and the steps you need to take to mitigate effects or damage. They may include details of key staff who need to be notified, priority actions, communication plans, contact lists and an event log to record actions taken.
Emergency response plans: IT incidents may be the result of a wider crisis, such as an explosion, bushfire or flood. In any emergency situation the safety of staff and members of the public is your first priority. An IT incident response plan should integrate with and support emergency response plans.
IT incident recovery plans: A recovery plan will help you respond effectively if an IT incident or crisis affects your business. A recovery plan can shorten recovery times and minimise losses, and should include:
Read more about developing an incident recovery plan.
|
More IT Learning Resources |
Check list | This IT risk management checklist can help you determine the basic precautions and steps to take in managing IT risk to your business. Read through the checklist and click 'Yes' or 'No' to answer the questions. If you answer 'No' to any question, you will create a list of actions to complete to ensure your business can manage IT risk. Have you:
|
Lectures & Zoom Meetings |
5 Bus. Continuity & Disaster Recovery Plan | BCP Resources | Business Continuity Plan BCP ... So Opinionated Preparedness, Prevention, Response and Recover Link to a Developing PPRR Framework Link to Resilient Community Organizations Emergency Management PPRR |
8 Securing (Protecting) Info. Systems | Securing Information Systems | Managing the Digital Firm Kenneth Laudon |
Lectures, Meetings & Videos | 1- Understanding the technology involved to be able to Secure Your Info. System |