IT & Cyber Risk Management - End User Course

Course Overview:

The MetricStream’s IT-Risk (ITR) Management app helps to assess, measures, and monitors IT operational and security risks in relation to strategic goals and objectives of the organization. The app also helps quantify the risk in terms of its monetary value which helps organizations adopt a suitable risk mitigation method.

Level

Intermediate

Content

5 Hours

Practice

5 Hours

Q&A with MSU

2 Hours

Pre-Requisites

Familiarity with IT & Cyber Risk Concepts

Learning Objectives:

The training is focused on making trainees understand the features, process, workflows, and functionalities of the IT Risk Management Product. At the end of the training and practice, trainees will have knowledge on how to implement and perform basic configurations on the ITR product which includes knowledge on:

· Product Functionality & Use Case - Workflow Usage

o Understand how to navigate the IT and Cyber Risk Management app

o Create IT Risk Management content

o Create, approve and manage Risk Assessment plans

o Execute IT- Risk assessments

o Create, approve and manage threats, threat actors and alerts

o Create, approve and manage Vulnerabilities

o Log, approve, manage, monitor and close issues

· Product/Use Case Setup, User Management & Basic Administration

o Upload IT Risk Management content

o Subscribe to external alerts & channels

o Setup remediation rules & templates

o Setup Quantitative & Qualitative assessment factors

o Configure connectors

Practice & Facetime with Instructor:

Once you start the course, please reach out to MSU at MSU[email protected] to get a practice instance allocated. Upon completion of course content and sufficient practice, reach out to your MSU instructor for your 2 hr Q&A session to clarify and address any open questions.

Certification Issued:

Participants will be issued a Course Completion Certificate on successful completion of the entire course.

Course Overview: The MetricStream’s IT-Risk (ITR) Management app helps to assess, measures, and monitors IT operational and security risks in relation to strategic goals and objectives of the organization. The app also helps quantify the risk in ...

Course content

Lesson Overview & Navigation

IT and Cyber Risk Management product provides a systematic approach for identifying, assessing, and treating information security risks on business-critical processes, information technology assets...
- Overview (8 Minutes)
- Navigation (13 Minutes)
Lesson GRC Libraries

GRC Foundation is a comprehensive set of interlinked libraries that form the underlying GRC framework for all GRC-related activities across the enterprise. It is an add-on component to the base Met...
- GRC Libraries (19 Minutes)
Lesson Qualitative Assessments

Qualitative Assessments module helps you to to schedule risk assessments, assess risks and controls, log findings and issues, and reassess risks.
- Risk Assessment Plan (9 Minutes)
- Risk Assessment Tasks (3 Minutes)
- Perform Risk Assessments (7 Minutes)
Lesson Threats

The Threats module is used to gain insight into the list of threats. You can capture ad hoc threat, alert details, the details of different threats, and threat actors to identify the strength of th...
- Alerts (3 Minutes)
- Threat Actor (7 Minutes)
- Threats (11 Minutes)
Lesson Vulnerabilities

The Vulnerabilities module helps you to gain insight into the list of vulnerabilities. You can capture vulnerability details to identify the severity and exposure level of the vulnerability.
- Vulnerabilities (18 Minutes)
Lesson Issues

The Issues module allows companies to establish and follow consistent procedures for issue reporting, task management, and status reporting. It supports the identification and evaluation of issues ...
- Creating and Approving Issues (11 Minutes)
- Managing Issues & Action Plans (8 Minutes)
- Responding Actions & Monitoring Issues (5 Minutes)
- Issue Closure (6 Minutes)
Lesson IT-Risk - Product Setup

MetricStream components can be tailored to specific requirements of an organization in different ways. This unit covers the most common requirements and functions performed by an 'Apps Administrato...
- Quantitative Factors (17 Minutes)
- Qualitative Factor (3 Minutes)
- Risk Scoring Algorithm (8 Minutes)
- Risk Assessment Profile (11 Minutes)
- Perspectives (11 Minutes)
- Data Upload (10 Minutes)
- Create and Subscribe to Channels (6 Minutes)
- Configure Motives, Scale to be used in Threat and Likelihood of Initiation Calculation (7 Minutes)
- BMC Atrium & ServiceNow Connector Configuration (9 Minutes)
Lesson IT and Cyber Risk Management App Practice (4 Hours)

Please reach out to your trainer for credentials to the practice instance before starting this unit.
- Libraries (60 Minutes)
- Qualitative Assessments (60 Minutes)
- Threats (30 Minutes)
- Vulnerabilities (30 Minutes)
- Issues (60 Minutes)
Lesson Quantitative Assessment Setup

This unit will show all the objects to be setup as part of the Quantitative Assessments.
- Assessment Type Setup
- Questionnaire Setup