Certified Data Centre Risk Professional (CDRP)

This course is designed to expose attendees to the overall risk management process. The focus is on both the data centre infrastructure and the physical data centre facility and equipment. Attendees will learn how to identify and quantify risk in their organization so that it can be reduced to a level the organization finds acceptable. The course is based on international standards (ISO/IEC 27001:2005) and guidelines (ISO/IEC 27005:2011, NIST 800-30, ISO/IEC 31000) and will additionally prepare the candidate to take part in and assist with corporate certification processes that may apply.

Please note: the price of the exam is not included in the price of the course. Your Account Manager can provide you with the exam pricing upon request.

Course Details

The primary audience for this course is IT, Facilities or Data Centre Operations professionals who work in and around the data centre (representing end-customers and/or service providers/facilitators) and who are responsible for achieving and improving high availability and manageability of the data centre, such as: data centre managers, operations/floor/facility managers, IT managers, information security managers, security professionals, and auditors/risk managers/professionals responsible for IT/corporate governance.

There is no specific prerequisite for the CDRP® course. However, participants who have at least three years' experience in a data centre and/or IT infrastructures will be best suited. This experience may come from a business or IT background where the participant has knowledge of both environments, and understands the mission of their organisation. Attendance of CDCP® is beneficial but not a requirement.

Introduction to Risk Management

Risk management concepts
Senior management and risk
Enterprise Risk Management (ERM)
Benefits of risk management

Data Centre Risk and Impact

Risk in facility, power, cooling, fire suppression, infrastructure and IT services
Impact of data centre downtime
Main causes of downtime
Cost factors in downtime

Standards, Guidelines and Methodologies

ISO/IEC 27001:2013, ISO/IEC 27005:2011, ISO/IEC 27002:2013
NIST SP 800-30
ISO/IEC 31000:2009
SS507:2008
ANSI/TIA-942
Other methodologies (CRAMM, EBIOS, OCTAVE, etc.)

Risk Management Definitions

Asset
Availability/Confidentiality/Integrity
Control
Information processing facility
Information security
Policy
Risk
Risk analysis/Risk assessment/Risk evaluation/Risk treatment
Threat/Vulnerability
Types of risk

Risk Assessment Software

The need for software
Automation
Considerations

Risk Management Process

The risk management process
Establishing the context
Identification
Analysis
Evaluation
Treatment
Communication and consultation
Monitoring and review

Project Approach

Project management principles
Project management methods
Scope
Time
Cost
Cost estimate methods

Context Establishment

General considerations
Risk evaluation, impact and acceptance criteria
Severity rating of impact
Occurrence rating of probability
Scope and boundaries
Scope constraints
Roles & responsibilities
Training, awareness and competence

Risk Assessment - Identification

The risk assessment process
Identification of assets
Identification of threats
Identification of existing controls
Identification of vulnerabilities
Identification of consequences
Hands-on exercise: Identification of assets, threats, existing controls, vulnerabilities and consequences

Risk Assessment - Analysis and Evaluation

Risk estimation
Risk estimation methodologies
Assessment of consequences
Assessment of incident likelihood
Level of risk estimation
Risk evaluation
Hands-on exercise: Assessment of consequences, probability and estimating level of risk

Risk Treatment

The risk treatment process steps
Risk Treatment Plan (RTP)
Risk modification
Risk retention
Risk avoidance
Risk sharing
Constraints in risk modification
Control categories
Control examples
Cost-benefit analysis
Control implementation
Residual risk

Communication

Effective communication of risk management activities
Benefits and concerns of communication

Risk Monitoring and Review

Ongoing monitoring and review
Criteria for review

Risk scenarios

Risk assessment approach
Data centre site selection
Data centre facility
Cloud computing
UPS scenarios
Force majeure
Organisational shortcomings
Human failure
Technical failure
Deliberate acts

Schedule

There are currently no scheduled courses.
Course Code: TNL-EPI-CDRP
Course Duration: 2 Days
Price: POA