AppSecUSA 2015 - Buy ticket at http://2015.appsecusa.org/buy/
Wednesday, September 23 • 1:30pm - 3:00pm
Training (1 day): Risk Management Like a Boss: Making Your Risks Work for You

Arguably, the single most valuable skill that you can learn in Information Security today in order to improve your security posture for tomorrow is Risk Management. The simple process of identifying your risks, planning your mitigations, and performing reviews puts your company squarely in the driver's seat when it comes to justifying its security expenditures in order to reduce risk. SimpleRisk is the only free and open source alternative to the bloated and expensive Governance, Risk, and Compliance (GRC) platforms out there and is being used by corporations of all sizes, around the world, to perform their risk management activities. During this seminar, Josh Sokol, the Creator of SimpleRisk, will walk attendees through the basics of risk management using hands-on activities and the SimpleRisk tool. By the end of the course, attendees will have the knowledge necessary to deploy SimpleRisk in their environment and use it to manage their risks, and will have a firm grasp of the processes involved in managing risks.

SimpleRisk is free to download at http://www.simplerisk.org and is released under the Mozilla Public License (MPL) 2.0. This means that those who use it are free to use it, modify it, or even sell it at will. SimpleRisk does sell some additional enterprise functionality such as LDAP authentication, team separation, and e-mail notifications, but the tool is fully functional in performing risk management activities without these and they are completely out of scope for the class.

1) Installing SimpleRisk on a LAMP stack
2) Configuring SimpleRisk
3) Brainstorming risks and naming them
4) Submitting risks
5) Planning mitigations
6) Performing management reviews
7) Creating projects and assigning risks

Who Should Take This Course?
This course is designed to take a person with no prior experience in risk management and teach them how to perform risk management activities such as assessing risk, documenting risk, planning mitigations, and performing management reviews. Attendees will learn how to install and configure the free and open source SimpleRisk risk management framework and will leverage it to become risk management experts for their organization.

What Should Students Bring?
Students will need to bring a laptop running a virtual machine (VMware, VirtualBox, or Parallels should work fine) containing Ubuntu 14.04 LTS. The installation of SimpleRisk will happen as part of an in-class activity and will be used for all in-class exercises.

Josh Sokol

Information Security Program Owner, National Instruments
Josh Sokol, CISSP, graduated from the University of Texas at Austin with a BS in Computer Science in 2002. Since that time, he has worked for several large companies including AMD and BearingPoint, spent some time as a military contractor, and is currently employed as the Information...

Wednesday September 23, 2015 1:30pm - 3:00pm PDT
Pacific A