IT & Cyber Risk Management - Product Implementation Course

Course Overview:

The MetricStream’s IT-Risk (ITR) Management app helps to assess, measures, and monitors IT operational and security risks in relation to strategic goals and objectives of the organization. The app also helps quantify the risk in terms of its monetary value which helps organizations adopt a suitable risk mitigation method.

Level

Advanced

Content

5 Hours

Practice

5 Hours

Q&A with MSU

2 Hours

Pre-Requisites

Familiarity with IT & Cyber Risk Concepts

Certification Awarded*

MetricStream Certified IT Risk Management Product Implementation Associate

Learning Objectives:

The training is focused on making trainees understand the features, process, workflows, and functionalities of the IT Risk Management Product. At the end of the training, practice and certification, trainees will have knowledge on how to implement and perform basic configurations on the ITR product which includes knowledge on:

· Product Functionality & Use Case - Workflow Usage

o Understand how to navigate the IT and Cyber Risk Management app

o Create IT Risk Management content

o Create, approve and manage Risk Assessment plans

o Execute IT- Risk assessments

o Create, approve and manage threats, threat actors and alerts

o Create, approve and manage Vulnerabilities

o Log, approve, manage, monitor and close issues

· Product Configuration

o Configuration Workbooks

o Updating IT-Risk LOVs

o Updating IT-Risk Data Tables

o IT-Risk Configuration Parameters

· Product/Use Case Setup, User Management & Basic Administration

o Upload IT Risk Management content

o Subscribe to external alerts & channels

o Setup remediation rules & templates

o Setup Quantitative & Qualitative assessment factors

o Configure connectors

o Provision/Deactivate Users

o IT-Risk Role Activities & Objects

o Map Users to IT-Risk Org-Role Pairs

Practice & Facetime with Instructor:

Once you start the course, please reach out to MSU at MSU[email protected] to get a practice instance allocated. Upon completion of course content and sufficient practice, reach out to your MSU instructor for your 2 hr Q&A session to clarify and address any open questions.

Certification (Optional):

To be certified, you need to score a minimum of 75% on both the objective and practical assessment. You are allowed a maximum of 2 attempts to pass the certification tests. Please reach out to the instructor once you are ready for assessment. The maximum duration allowed for appearing for assessment is 2 weeks from the course assignment date.

Course Overview: The MetricStream’s IT-Risk (ITR) Management app helps to assess, measures, and monitors IT operational and security risks in relation to strategic goals and objectives of the organization. The app also helps quantify the risk in...

Course content

Lesson Overview & Navigation

IT and Cyber Risk Management product provides a systematic approach for identifying, assessing, and treating information security risks on business-critical processes, information technology assets...
- Overview (8 Minutes)
- Navigation (13 Minutes)
Lesson GRC Libraries

GRC Foundation is a comprehensive set of interlinked libraries that form the underlying GRC framework for all GRC-related activities across the enterprise. It is an add-on component to the base Met...
- GRC Libraries (19 Minutes)
Lesson Qualitative Assessments

Qualitative Assessments module helps you to to schedule risk assessments, assess risks and controls, log findings and issues, and reassess risks.
- Risk Assessment Plan (9 Minutes)
- Risk Assessment Tasks (3 Minutes)
- Perform Risk Assessments (7 Minutes)
Lesson Threats

The Threats module is used to gain insight into the list of threats. You can capture ad hoc threat, alert details, the details of different threats, and threat actors to identify the strength of th...
- Alerts (3 Minutes)
- Threat Actor (7 Minutes)
- Threats (11 Minutes)
Lesson Vulnerabilities

The Vulnerabilities module helps you to gain insight into the list of vulnerabilities. You can capture vulnerability details to identify the severity and exposure level of the vulnerability.
- Vulnerabilities (18 Minutes)
Lesson Issues

The Issues module allows companies to establish and follow consistent procedures for issue reporting, task management, and status reporting. It supports the identification and evaluation of issues ...
- Creating and Approving Issues (11 Minutes)
- Managing Issues & Action Plans (8 Minutes)
- Responding Actions & Monitoring Issues (5 Minutes)
- Issue Closure (6 Minutes)
Lesson IT-Risk - Product Setup

MetricStream components can be tailored to specific requirements of an organization in different ways. This unit covers the most common requirements and functions performed by an 'Apps Administrato...
- Quantitative Factors (17 Minutes)
- Qualitative Factor (3 Minutes)
- Risk Scoring Algorithm (8 Minutes)
- Risk Assessment Profile (11 Minutes)
- Perspectives (11 Minutes)
- Data Upload (10 Minutes)
- Create and Subscribe to Channels (6 Minutes)
- Configure Motives, Scale to be used in Threat and Likelihood of Initiation Calculation (7 Minutes)
- BMC Atrium & ServiceNow Connector Configuration (9 Minutes)
Lesson IT-Risk Product Configuration

This unit covers configuration topics enabling you to populate configuration workbooks, updating LOVs and Data Table on forms and defining workflow parameters.
- Configuration Workbooks
- Updating List of Values & Data Tables
- Configuration Parameters
Lesson IT-Risk Product Administration

This unit will enable you to provision, deactivate and map users to various roles in the IT-Risk app.
- User Provisioning
- OOTB Roles
- Org-Role Pair Mapping
Lesson IT and Cyber Risk Management App Practice (4 Hours)

Please reach out to your trainer for credentials to the practice instance before starting this unit.
- Libraries (60 Minutes)
- Qualitative Assessments (60 Minutes)
- Threats (30 Minutes)
- Vulnerabilities (30 Minutes)
- Issues (60 Minutes)
Lesson Assessment & Certification

Thank you for completing this IT Compliance Course. Kindly reach out to your instructor at [email protected] for access to the following certification assessments:
- Assessment & Certification