Certified Data Centre Risk Professional

The CDRP® is a 2-day course designed to expose attendees to the overall risk management process. The focus is on both the data centre infrastructure and the physical data centre facility and equipment; attendees will learn how to identify and quantify risk in their organization, so that they can reduce it to a level the organization finds acceptable. The course is based on international standards (ISO/IEC 27001:2005) and guidelines (ISO/IEC 27005:2011, NIST 800-30, ISO/IEC 31000) and will additionally prepare candidates to take part in and assist with any corporate certification processes that may apply.

Audience Profile

The primary audience for this course is IT, Facilities or Data Centre Operations professionals who work in and around the data centre (representing end-customers and/or service providers/facilitators) and who are responsible for achieving and improving high availability and manageability of the data centre, such as: Data centre managers, Operations / Floor / Facility managers, IT managers, Information security managers, Security professionals, Auditors / Risk Managers / Professionals responsible for IT/corporate governance.

Course Benefits

Understand the different standards and methodologies for risk management and assessment

Establish the required project team for risk management

Perform the risk assessment, identifying current threats, vulnerabilities and the potential impact based on customised threat catalogues

Report on the current risk level of the data centre, both quantitatively and qualitatively

Anticipate and minimise potential financial impacts

Understand the options for handling risk

Continuously monitor and review the status of risk present in the data centre

Reduce the frequency and magnitude of incidents

Detect and respond to events when they occur

Meet regulatory and compliance requirements

Support certification processes such as ISO/IEC 27001

Support overall corporate and IT governance

Course Syllabus

Risk management concepts

Senior management and risk

Enterprise Risk Management (ERM)

Benefits of risk management

Risk in facility, power, cooling, fire suppression, infrastructure and IT services

Impact of data centre downtime

Main causes of downtime

Cost factors in downtime

ISO/IEC 27001:2013, ISO/IEC 27005:2011, ISO/IEC 27002:2013

NIST SP 800-30

ISO/IEC 31000:2009

SS507:2008

ANSI/TIA-942

Other methodologies (CRAMM, EBIOS, OCTAVE, etc.)

Asset

Availability/Confidentiality/Integrity

Control

Information processing facility

Information security

Policy

Risk

Risk analysis/Risk assessment/Risk evaluation

Risk treatment

Threat/Vulnerability

Types of risk

The need for software

Automation

Considerations

The risk management process

Establishing the context

Identification

Analysis

Evaluation

Treatment

Communication and consultation

Monitoring and review

Project management principles

Project management methods

Scope

Time

Cost

Cost estimate methods

General considerations

Risk evaluation, impact and acceptance criteria

Severity rating of impact

Occurrence rating of probability

Scope and boundaries

Scope constraints

Roles & responsibilities

Training, awareness and competence

The risk assessment process

Identification of assets

Identification of threats

Identification of existing controls

Identification of vulnerabilities

Identification of consequences

Hands-on exercise: Identification of assets, threats, existing controls, vulnerabilities and consequences

Risk estimation

Risk estimation methodologies

Assessment of consequences

Assessment of incident likelihood

Level of risk estimation

Risk evaluation

Hands-on exercise: Assessment of consequences, probability and estimating level of risk

The risk treatment process steps

Risk Treatment Plan (RTP)

Risk modification

Risk retention

Risk avoidance

Risk sharing

Constraints in risk modification

Control categories

Control examples

Cost-benefit analysis

Control implementation

Residual risk

Effective communication of risk management activities

Benefits and concerns of communication

Ongoing monitoring and review

Criteria for review

Risk assessment approach

Data centre site selection

Data centre facility

Cloud computing

UPS scenarios

Force majeure

Organisational shortcomings

Human failure

Technical failure

Deliberate acts

Exam

Attendees will take a 1-hour CDRP® exam. The exam consists of 40 multiple-choice questions and is closed book. The passing mark is 27 out of 40.
