Course Description
In this 3-day course, you will learn about the Threat Risk Assessment methodology using the ITSG-33 ISSIP and CSE’s new ASTRA tool to help you conduct your assessments. The course will further your knowledge of ITSG-33 in a practical application for any Government IT project.
Course Outline
Module 1: HTRA Overview
- Relate the HTRA to the requirements for the assessment of threats and risks
- Recognise the structure of the HTRA publication
- Describe the phases of the HTRA process
Module 2: HTRA Activities
- Describe the HTRA activities
- Apply the HTRA activities for a variety of mandates
Module 3: Using the HTRA within ITSG-33 ISSIP
- Situate the HTRA within the ITSG-33 risk management lifecycle process
- Situate the HTRA activities within the ITSG-33 ISSIP
- Describe the adaptations that are recommended to use the HRTA in the ITSG-33 ISSIP
Module 4: Practical Examples and TRA Tool
- Describe the practical examples for the exercises
- Use the TRA tool to complete the exercises
Module 5: Support Project Initiation Phases
- Describe the TRA activities of the ISSIP conducted during the following phases of the generic SDLC process:
- Concept
- Requirements analysis
- Complete these activities in an IT project
Module 6: Support Risk-based Design
- Describe the TRA activities of the ISSIP conducted during the following phases of the generic SDLC process:
- High-level design
- Detailed design
- Complete these activities in an IT project
Module 7: Assess Residual Risks and Reporting
- Describe the TRA activities of the ISSIP conducted during the installation phase of the generic SDLC process
- Complete these activities in an IT project
Price
$1500
Duration
3 days
Target Audience
Project/Program Managers, IT Security Designers, Architects, Engineers and Managers
Recommended Prior Learning
- Course 601- Introduction to IT Security Management, Knowledge of GC Security Risk Management is Beneficial
- Course 104 - IT Security Risk Management: A Lifecycle Approach (ITSG-33)
