Risk Assessment [or Risk Analysis] is the foundation of any information security strategy and is emphasized by most compliance standards such as PCI [Requirement 12.1.2], HIPAA [Meaningful Use/Breach Notification/Omnibus Rule], FFIEC, ISO 27001, SSAE 16, etc. In addition, it is the foundation for understanding risks of evolving trends such as Cloud Computing, BYOD, Big Data, Mobile, etc.
Despite this immense need, there is not enough training on how to conduct formal risk assessments. The Certified Information Security Risk Assessor (CISRA) Workshop is intended to equip participants, through practical case studies, with sufficient knowledge of how to conduct a formal risk assessment. The workshop focuses on three well-known methodologies: NIST, OCTAVE and ISO 27005, but our research covers 80+ methodologies.
The CISRA workshop takes participants outside the realm of their everyday risk management activities and gives them a ground-up perspective on the concepts of risk: starting from the basics of the constituent elements of risk, and progressing to more advanced concepts such as identifying, measuring and evaluating risk, managing it correctly, choosing the right options and managing the challenges faced along the way.
The workshop concludes with an examination that leads to the Certified Information Security Risk Assessor (CISRA) certification. The workshop carries 14 hours of CPE credit for ISACA and ISC2 members.