IT Risk Management Training

What is it?  
The GTIS Information Assurance Training Series provides three levels of training:
  1. End-user: End users gain a greater awareness of contemporary security issues and are introduced to practical security tools.
  2. IT Admins: IT Admins learn practical skills for developing disaster recovery plans and handling security risk management.
  3. Leadership: Leadership learns essential concepts of acceptable risk and risk terminology and how to effectively support their IT Admins on security issues.
Who is it for?  
SIL staff and organizations in the Bible translation movement.

Who do I contact?  
Rod Davis, Business Continuity Consultant for SIL International, Rod _Davis@sil.org, +1(704) 843-6178

What GTIS does...
GTIS currently offers the following four training opportunities:

1. End-user IT Security: The end-user is introduced to the concepts of data backup and recovery, protection of sensitive data, and tools that empower users in these areas. This workshop also covers threats that an end-user might encounter, including device theft/loss, human error, malware, and social engineering.
2. IT Disaster Recovery Planning: This is a workshop for IT Admins that introduces the methodology of disaster recovery planning including risk assessment, impact analysis, risk mitigation, developing and testing disaster recovery plans. You will learn the practical skills needed to develop disaster recovery plans and will complete a preliminary risk assessment, a business impact analysis, a risk mitigation strategy, and a disaster recovery plan. The concepts of Recovery Point Objective and Work Recovery Time are also introduced and applied to the protection of IT systems supporting mission-critical business functions.
3. IT Security Risk Management: This is also a workshop for IT Admins that begins by introducing the concept of acceptable risk. Risk terminology is covered including definitions of risk, threat, vulnerability, controls, and more. The instruction you'll receive will help you to determine the risk sensitivity of a resource, profile the resource based on its sensitivity, and determine appropriate controls based on the severity of relevant threats and their likelihood to affect the resource. 
4. IT Security Risk Management for Leadership: This training will explain how to work best with your IT Admins to establish acceptable risk and address numerous security issues, such as:
  • Which information is sensitive and how should it be protected. 
  • Deciding which entity data must be recoverable and establish a data recovery plan for the entity.
  • Identification of probable, high impact threats.
  • Determination of how long it will take to restore a IT Service when a server goes down.
  • Purchase decisions for appropriate security controls.

What will you do...
Be an excellent student and apply what you have learned back at your entity, area, or department. Information assurance is everyone's responsibility.