"Cyber & IT Risks" Module is part of the "Certified Chief Risk Officer (C-CRO)" and the "Certified Operational Risk Officer (C-ORO)" training programs.

The objective of this educational programme is to expose the real risks that relate to the exponential increase of Information Technology use (IT Risks) and Internet (Cyber Risks) inside companies and organizations. At the same time atttending professionals will learn a specific working methodology to recognise those risks and manage them effectively.

Digital transformation has accelerated due to COVID and affected all business units inside the companies (Finance and Credit, HR, IT, etc). Digitization of companies comes with great rewards but also with new big IT Risks. Managers in all Busines Units and Risk Officers should learn to recognize those risks and more importantyly learn how to cope with them in this new Era of Information Technology dependency.

The Cyber & IT Risks educational progamme is designed for everybody that would like to comprehend how Information Technology and Internet exposure, along with opportunities creates new great risks.

It teaches full working methodologies and provides tools that used in real life scenarios by companies and individual professionals to manage those risks.

It is presented in a way so that roles like: Risk Managers, IT Auditors, Operational Managers, and IT Professionals could grasp this necessary knowledge but it is also a life-saver for executives like COO/CEO, CFO and CIOs who hold the responsibility for these Risks.

• What is Cyber and IT Risk and relation with ERM
• IT Risk is a business Risk embedded in ERM
• IT Risk Frameworks and Best Practices
• Duality of Risk - Opportunities and Risk
• Three Lines of Defense
• Risk Appetite and Risk Tolerance
• Digital Transformation and Risk
• Opportunities and Risk of a BPR
• New trends of Cyber & IT Risks (BYOD, Social Media, Cloud Computing, Internet of Things, Big Data)

• How can we identify Cyber & IT Risks
• Collect and review Enterprise information - Objectives, Operations, Various business IT Environments
• Identify potential threats and vulnerabilities
• How to develop a set of IT Risk Scenarios
• Identify key stakeholders of IT Risks
• Identify risk appetite and risk tolerance
• Establish the IT Risk Register
• Develop a Risk Awareness Program for the Enterprise
• How can we perform IT Risk Assessment
• Analyze risk scenarios and identify likelihood and impact
• Review Controls - Prepare gap analysis
• Assign Risk Ownership to establish accountability
• Update Risk Register
• Communicate RA to Management
• How to Determine Risk Response and Mitigate Risk
• Action Plan with Risk Owners and Business Objectives
• Risk Response Selection and Prioritization
• Ensure controls ownership and risk accountability
• Consult/review/develop control procedures
• Update Risk Register
• Continuously Monitor and Report IT Risk
• Methods to Monitor Cyber & IT Risk
• Risk awareness - Risk Culture KPIs, KRIs, Management Review, Risk Profile changes