

CDRP-VILT: Certified Data Centre Risk Professional (VILT)
Course Information

Course Name
CDRP-VILT: Certified Data Centre Risk Professional (VILT)

Exam code
CDRP

Duration
2 Days
Certification
Overview
The CDRP® is a 2-day course is designed to expose attendants to the overall risk management process. Focus is on both the data centre infrastructure and the physical data centre facility and equipment; the attendant will learn how to identify and quantify risk in their organization, creating the ability to reduce the risk to a level acceptable for the organization. The course is based on international standards (ISO/IEC27001:2005) and guidelines (ISO/IEC27005:2011, NIST800-30, ISO/IEC31000) and will additionally prepare the candidate being able to take part and assist in corporate certification processes that may apply.
Without knowing the cost of downtime it would be impossible to determine what level of investment is justified to mitigate the risks of downtime. This has led to the fact that many data centres have been built at potentially a Tier-4 level as per the ANSI/TIA-942, whereas from a business perspective a Tier-3 level would have been enough.
Risk management is the process to identify vulnerabilities and associated threats, to be followed by estimating the level of risk that they may face and how they might impact the organization if these risks were to emerge. Based on international standards (ISO/IEC27001:2005) and guidelines (ISO/IEC 27005:2011, NIST 800-30, ISO/IEC 31000/31010), CDRP (Certified Data Centre Risk Professional) is a course designed to expose attendants to the overall risk management process.
Focus is on both the data centre infrastructure and the physical data centre facility and equipment; the attendant will learn how to identify and quantify risk in their organization, creating the ability to reduce the risk to a level acceptable for the organization to allow them to make sound investment decisions based on facts rather than emotions. CDRP is a must for every organization that wants to manage their risk without over spending.
Examination
Certification exam papers can be taken in paper based format at the end of the last day of the course, or online via an authorized training partner, depending on the country in which the course is delivered. The exam is a one hour, 40 questions, multiple choice and closed book exam. The attendee need to have 27 out of 40 questions correct in order to pass the exam. Results of the exam will be communicated to the attendee within four weeks following the examination.
Certification
Attendees who successfully pass the exam will receive the official ‘Certified Data Centre Risk Professional’ certificate. Certification is valid for a three years period after which the student needs to re-certify. More information on re-certification and verification of the current status of certification can be found on the EPI corporate website, http://www.epi-ap.com.
Audience Profile
The primary audience for this course is an IT, Facilities or Data Centre Operations professional working in and around the data centre (representing both end-customers and/or service provider/facilitators) and having responsibility to achieve and improve hi-availability and manageability of the data centre, such as: Data centre managers, Operations / Floor / Facility managers, IT managers, Information security managers, Security professionals, Auditors / Risk Managers / Professionals responsible for IT/corporate governance.
Prerequisites
There is no specific prerequisite for the CDRP® course. However, participants who have at least three years’ experience in a data centre and/or IT infrastructures will be best suited. This experience may come from a business or IT background where the participant has knowledge of both environments, and understands the mission of their organisation. Attendance of CDCP® is beneficial but not a requirement.
At Course Completion
After completion of the course, the participant will be able to:
- Understand the different standards and methodologies for risk management and assessment
- Establish the required project team for risk management
- Perform the risk assessment, identifying current threats, vulnerabilities and the potential impact based on customised threat catalogues
- Report on the current risk level of the data centre both quantitative and qualitative
- Anticipate and minimise potential financial impacts
- Understand the options for handling risk
- Continuously monitor and review the status of risk present in the data centre
- Reduce the frequency and magnitude of incidents
- Detect and respond to events when they occur
- Meet regulatory and compliance requirements
- Support certification processes such as ISO/IEC 27001
- Support overall corporate and IT governance
Course Outline
- Risk management concepts
- Managements’ concern
- Enterprise Risk Management (ERM)
- Information technology risk and the business
- Information security risk management
- Data centre risk
- Benefits of risk management
- Risk in facility, power, cooling, fire suppression, infrastructure and IT services
- Impact of data centre downtime
- Main causes of downtime
- Cost factors in downtime
- ISO/IEC 27001:2005, ISO/IEC 27005:2011, ISO/IEC 27002:2007
- ISO/IEC 27005 in relation to ISO/IEC 27001 ISMS
- NIST SP 800-30
- ISO/IEC 31000:2009
- SS507:2008
- TIA/ANSI-942
- Other methodologies (CRAMM, EBIOS, OCTAVE, etc.)
- Asset
- Availability / Confidentiality / Integrity
- Control
- Information processing facility
- Information security
- Policy
- Risk
- Risk analysis / Risk assessment / Risk evaluation / Risk treatment
- Threat / Vulnerability
- Types of risk
- Risk assessment software
- Automation
- Considerations
- Vendor selection
- The risk management process
- Establishing the context
- Identification
- Analysis
- Evaluation
- Treatment
- Communicate and consultation
- Monitoring and review
- Project management principles
- Project management methods
- Scope
- Time
- Cost
- Roles and responsibilities
- General considerations
- Basic criteria
- Risk appetite vs. risk tolerance
- Scope and boundaries
- Scope constraints
- Organization for risk management
- Training, awareness and competence
- The risk assessment process
- Identification of assets
- Identification of threats
- Identification of existing controls
- Identification of vulnerabilities
- Identification of consequences
- Hands-on exercise: Identification of assets, threats, existing controls, vulnerabilities and consequences
- Risk estimation
- Risk estimation methodologies
- Assessment of consequences
- Assessment of incident likelihood
- Level of risk estimation
- Risk evaluation
- Hands-on exercise: Assessment of consequences, likelihood and estimating level of risk
- The risk treatment process
- Residual risk
- Risk reduction
- Constraints in risk reduction
- Risk retention
- Risk avoidance
- Risk transfer
- Control categories
- Cost-benefit analysis
- Control implementation
- Effective communication of risk management activities
- Benefits and concerns of communication
- Ongoing monitoring and review
- Criteria for review
- Risk assessment approach
- Data centre site and facility
- Force majeure
- Organizational shortcomings
- Human failure
- Technical failure
- Deliberate acts
- Sample questions
- Self study (time permitted)
- Exam: Certified Data Centre Risk Professional
Overview
Overview
The CDRP® is a 2-day course is designed to expose attendants to the overall risk management process. Focus is on both the data centre infrastructure and the physical data centre facility and equipment; the attendant will learn how to identify and quantify risk in their organization, creating the ability to reduce the risk to a level acceptable for the organization. The course is based on international standards (ISO/IEC27001:2005) and guidelines (ISO/IEC27005:2011, NIST800-30, ISO/IEC31000) and will additionally prepare the candidate being able to take part and assist in corporate certification processes that may apply.
Without knowing the cost of downtime it would be impossible to determine what level of investment is justified to mitigate the risks of downtime. This has led to the fact that many data centres have been built at potentially a Tier-4 level as per the ANSI/TIA-942, whereas from a business perspective a Tier-3 level would have been enough.
Risk management is the process to identify vulnerabilities and associated threats, to be followed by estimating the level of risk that they may face and how they might impact the organization if these risks were to emerge. Based on international standards (ISO/IEC27001:2005) and guidelines (ISO/IEC 27005:2011, NIST 800-30, ISO/IEC 31000/31010), CDRP (Certified Data Centre Risk Professional) is a course designed to expose attendants to the overall risk management process.
Focus is on both the data centre infrastructure and the physical data centre facility and equipment; the attendant will learn how to identify and quantify risk in their organization, creating the ability to reduce the risk to a level acceptable for the organization to allow them to make sound investment decisions based on facts rather than emotions. CDRP is a must for every organization that wants to manage their risk without over spending.
Examination
Certification exam papers can be taken in paper based format at the end of the last day of the course, or online via an authorized training partner, depending on the country in which the course is delivered. The exam is a one hour, 40 questions, multiple choice and closed book exam. The attendee need to have 27 out of 40 questions correct in order to pass the exam. Results of the exam will be communicated to the attendee within four weeks following the examination.
Certification
Attendees who successfully pass the exam will receive the official ‘Certified Data Centre Risk Professional’ certificate. Certification is valid for a three years period after which the student needs to re-certify. More information on re-certification and verification of the current status of certification can be found on the EPI corporate website, http://www.epi-ap.com.
Audience Profile
Audience Profile
The primary audience for this course is an IT, Facilities or Data Centre Operations professional working in and around the data centre (representing both end-customers and/or service provider/facilitators) and having responsibility to achieve and improve hi-availability and manageability of the data centre, such as: Data centre managers, Operations / Floor / Facility managers, IT managers, Information security managers, Security professionals, Auditors / Risk Managers / Professionals responsible for IT/corporate governance.
Prerequisities
Prerequisites
There is no specific prerequisite for the CDRP® course. However, participants who have at least three years’ experience in a data centre and/or IT infrastructures will be best suited. This experience may come from a business or IT background where the participant has knowledge of both environments, and understands the mission of their organisation. Attendance of CDCP® is beneficial but not a requirement.
At Course Completion
At Course Completion
After completion of the course, the participant will be able to:
- Understand the different standards and methodologies for risk management and assessment
- Establish the required project team for risk management
- Perform the risk assessment, identifying current threats, vulnerabilities and the potential impact based on customised threat catalogues
- Report on the current risk level of the data centre both quantitative and qualitative
- Anticipate and minimise potential financial impacts
- Understand the options for handling risk
- Continuously monitor and review the status of risk present in the data centre
- Reduce the frequency and magnitude of incidents
- Detect and respond to events when they occur
- Meet regulatory and compliance requirements
- Support certification processes such as ISO/IEC 27001
- Support overall corporate and IT governance
Course Outline
Course Outline
- Risk management concepts
- Managements’ concern
- Enterprise Risk Management (ERM)
- Information technology risk and the business
- Information security risk management
- Data centre risk
- Benefits of risk management
- Risk in facility, power, cooling, fire suppression, infrastructure and IT services
- Impact of data centre downtime
- Main causes of downtime
- Cost factors in downtime
- ISO/IEC 27001:2005, ISO/IEC 27005:2011, ISO/IEC 27002:2007
- ISO/IEC 27005 in relation to ISO/IEC 27001 ISMS
- NIST SP 800-30
- ISO/IEC 31000:2009
- SS507:2008
- TIA/ANSI-942
- Other methodologies (CRAMM, EBIOS, OCTAVE, etc.)
- Asset
- Availability / Confidentiality / Integrity
- Control
- Information processing facility
- Information security
- Policy
- Risk
- Risk analysis / Risk assessment / Risk evaluation / Risk treatment
- Threat / Vulnerability
- Types of risk
- Risk assessment software
- Automation
- Considerations
- Vendor selection
- The risk management process
- Establishing the context
- Identification
- Analysis
- Evaluation
- Treatment
- Communicate and consultation
- Monitoring and review
- Project management principles
- Project management methods
- Scope
- Time
- Cost
- Roles and responsibilities
- General considerations
- Basic criteria
- Risk appetite vs. risk tolerance
- Scope and boundaries
- Scope constraints
- Organization for risk management
- Training, awareness and competence
- The risk assessment process
- Identification of assets
- Identification of threats
- Identification of existing controls
- Identification of vulnerabilities
- Identification of consequences
- Hands-on exercise: Identification of assets, threats, existing controls, vulnerabilities and consequences
- Risk estimation
- Risk estimation methodologies
- Assessment of consequences
- Assessment of incident likelihood
- Level of risk estimation
- Risk evaluation
- Hands-on exercise: Assessment of consequences, likelihood and estimating level of risk
- The risk treatment process
- Residual risk
- Risk reduction
- Constraints in risk reduction
- Risk retention
- Risk avoidance
- Risk transfer
- Control categories
- Cost-benefit analysis
- Control implementation
- Effective communication of risk management activities
- Benefits and concerns of communication
- Ongoing monitoring and review
- Criteria for review
- Risk assessment approach
- Data centre site and facility
- Force majeure
- Organizational shortcomings
- Human failure
- Technical failure
- Deliberate acts
- Sample questions
- Self study (time permitted)
- Exam: Certified Data Centre Risk Professional
