The Practitioner Certificate in Information Risk Management (PCIRM) course is designed to provide foundation knowledge of the terminology and principles of information risk management. It is intended for individuals from information technologies or IT security backgrounds who are embarking on information risk management responsibilities or those who already fulfil information risk management roles who wish to formalise their accumulated experience. It is equally suitable for business managers who need to gain a formal insight into information risk management in support of wider business risk decision-making. The content of the course is aligned to international risk management standards. It thus provides a grounding in the requirements for fulfilment of increasingly mandatory corporate compliance obligations. The course leads to the PCIRM qualification regulated by the British Computer Society (BCS), which has become an industry-recognised credential for information risk managers.
Basic knowledge of business or technical process management is expected. Basic conceptual knowledge of corporate ICT systems is expected. Some prior experience of general business risk management would be advantageous but is not essential.
This course will prepare IT and information management practitioners for a formal qualification in information risk management. It provides a grounding in information risk management principles that will assist both technical individuals and business managers to gain a deeper insight into information risk in support of broader business or infrastructure risk management.
The course consists of 6 modules:
- Module 1 – Information Risk Management Concepts
- Module 2 – Information Risk Management Frameworks
- Module 3 – The Information Risk Management Process
- Module 4 – Implementing Information Risk Management
- Module 5 – Information Classification
- Module 6 – Preparation for the PCIRM Examination and Mock Exam Assessment
At the end of each module the student can undertake an assessment to assess their understanding of the information provided in that module and to see if the objectives of the module have been met. Each topic also contains a quiz that enables a student to test their knowledge of the information covered in that topic. At the end of the course an online mock examination is provided that prepares the student for taking the official BCS PCIRM exam. the exam itself is sat on the last day of the course.
- Information Risk Management Concepts
- Information risk management terminology
- Risk management in the business context
- Information risk management fundamentals
- Information Risk Management Frameworks
- Establishing an information risk management strategy
- Setting internal risk management standards and criteria
- The Information Risk Management Process
- Setting the risk management scope
- Threat and vulnerability assessment
- Business Impact Analysis
- Risk determination
- Information risk management controls
- Classification principles
- Implementing Information Risk Management
- Information risk management methodologies
- Risk reporting and presentation
- Business cases
- Decision making
- Risk treatment
- Risk monitoring
- Preparation for the PCIRM Examination
- Format, structure and scoring of the exam
- Mock Examination, using the BCS sample paper
BCS Exam Details:
- The concepts and framework of information risk management (5%)
- Information risk management fundamentals (10%)
- Establishing an information risk management programme (25%)
- Risk Identification (25%)
- Risk Assessment (20%)
- Risk Treatment (5%)
- Presenting risks and business case (5%)
- Monitor and review (5%)
A three-hour scenario based written examination consisting of:
- Section A – multiple-choice questions: Answer all of the 10 questions – each answer carries 1 mark.
- Section B – short answer questions: Answer all of the 6 questions – each answer carries 5 marks.
- Section C – essay questions: Answer all 3 questions – each answer carries 20 marks