This course covers the Practitioner Certificate in Information Risk Management for information systems and closely follows the approaches recommended in the ISO 27001 and ISO 27005 standards.
BCS Practitioner Certificate in Information Risk Management
Candidates should ideally have at least 2 years' experience in information security and risk management. An understanding of information security standards such as ISO 27001, ISO 27002 and ISO 27005 would be beneficial, as would attendance on the Certificate in Information Security Management Principles course (or similar). If delegates are uncertain about whether they meet the course prerequisites, they should contact the training manager.
Who should attend?
The course will primarily benefit those involved in information security and audit, and those engaged in the implementation and operation of formal information risk management, including those charged with PCI DSS compliance and any corporate governance compliance requirements.
- Conduct a risk analysis including business impact analyses and vulnerability assessments
- Explain how the management of information risk will bring about business benefits
- Explain and make full use of information risk management terminology
- Explain the importance of control selection and risk treatment
- Evaluate risks and present the results in a way that will form the basis of a risk treatment plan
Concepts & importance of information risk management
- The need for risk management
- The context of risk in the business
- Review of information security fundamentals
- The use of international information risk management standards, e.g. ISO/IEC 27001, ISO 27005
- Developing an information risk management strategy
- Information, risk assessment, risk treatment and risk management
- Information risk management terminology
- Setting the scope
- Business impact analyses
- Threats, vulnerabilities and likelihood assessments
- Risk determination
- Risk management controls
- Information risk management methodologies
- Reporting and presentation
- Decision making
- Risk treatment
- Risk monitoring
Information classification schemes
- Classification process
- Classification issues
- Typical classification schemes
- Why conduct a risk assessment?
- Scoping a risk assessment
- Conducting a Business Impact Analysis
- Vulnerability and threat identification
- Categorisation of threats
- Assessing threat likelihood
- Assessing vulnerability of assets to threats
- Risk calculation
- Producing recommendations for risk treatment
- Producing a report for management
- Different risk appetites
- Producing a risk treatment plan
- Risks in outsourcing
This is a QA approved partner course
Face-to-face learning in the comfort of our quality nationwide centres, with free refreshments and Wi-Fi.