Risk-based Computer Security

As in all areas of business, the resources (people, time and money) that can be applied to computer security are limited. Proper risk-based planning is therefore required to determine where those resources are best applied to controls that mitigate risk. To accomplish this, one must first understand what risk is, which assets are at risk and need protecting, and which controls can be applied to mitigate that risk effectively.

Date: TBA
Time: 6:00 pm – 9:00 pm
Location: 688 Sherbrooke Street West, Room to be confirmed
Fee: $245.00 CAD plus applicable taxes


Description

This course will provide information that will allow the participants to develop a risk-based approach to computer security:

  • Defining risk
  • Understanding asset and data classification
  • Understanding threats and vulnerabilities
  • Identifying controls to mitigate the risk
  • Some simple metrics to measure results

Who Should Attend

This is an intermediate-level workshop for professionals interested in developing a comprehensive security risk program: Chief Information Officers, Sr. Managers or Technicians with responsibility to secure their computing infrastructure.


Objectives

After taking this workshop, participants will be able to conduct a risk-based analysis of their computer environment and use the results to plan their computer security program. They will understand the concepts of data and asset classification and the application of various security controls to mitigate risk.


Topics Covered

  • Defining risk
  • Identification of key computer security risks
  • Quantification of risk
  • Explaining the concepts of inherent and residual risk
  • Understanding asset and data classification and its use in security planning
  • Understanding the risk of various threats and vulnerabilities
  • Identifying various controls to mitigate identified risks
  • Some simple metrics to measure results

Facilitator

Robert Boyer, FLMI/M, CISSP, Lead Architect, Security Services, Standard Life

During his 36-year career, Bob has held many positions within and outside of Information Technology, including Sr. Investment Administration Officer in charge of investment accounting and reporting, System Officer in charge of corporate systems development & maintenance, Planning Officer within computer operations, Manager, Computer Security, and most recently his current title. Bob is responsible for Computer Security Architecture and Planning, Computer Security Policies and Disaster Recovery Planning. Over the past 22 years he has been building Security and Disaster Recovery programs with the aim of ensuring the protection of confidential and personal data as well as the continuity of business services.

One of Bob’s most recent projects was the acquisition, design and implementation of ArcSight as a global Security Information Event Management solution for a major Financial Services institution. This included implementing a Security Operations Center to monitor security events.

Bob is a Certified Information Systems Security Specialist (CISSP), a Master Fellow in the Life Management Institute (FLMI/M), and has completed a Certificate in Management from McGill University.


Cancellation Policy

All cancellation & substitution requests must be made in writing. The following Cancellation Policy applies:

Up to 14 days prior to the start date: Full refund
7 days prior to the start date: Refund minus $100 Cancellation fee
Within 7 days of the start date: No Refund; however, suitable participation substitution will be permitted

If no notice is given prior to the start of the event(s) and you fail to attend, you will be liable for the full course fee.

McGill SCS reserves the right to cancel an event up to 5 days prior to its start.


Contact Information

Telephone: 514-398-5454
E-mail: pd [dot] conted [at] mcgill [dot] ca