ICTD International Centre for Training and Development

ISRM: Information Security Risk Management

About the course

The last decade’s rapid acceleration of network technology and the unparalleled growth of the Internet have increased the risks to information and systems. Continuous advances in technology, and the relative ease with which people can access, manipulate, and store information, have further compounded those risks, especially now that organizations and society depend heavily on information and systems for survival.

This course explores the world of technology and information security from a risk management perspective. Through an understanding of history and the examination of trends in today’s technology landscape, the course investigates the sources of risk and its business implications.

Course Objectives

By the end of this course, students should be able to:

  • Make the case for risk-based security management, grounded in an understanding of opportunity costs and within the constraints of regulation and client expectations.
  • Identify risk sources involving people, processes, information, and technology, and build awareness of them.
  • Defend the enterprise through an understanding of the anatomy of attacks and by building sustainable defense-in-depth (DiD) strategies that mitigate current and emerging attacks.
  • Review and develop an ongoing, sustained approach to security risk management throughout the enterprise.

Course Outline

Overview of Risk Management, Security, and Governance:

  • Overview of risk management and its life cycle
  • Business implications of security management, including risk and opportunity management (costs and benefits)
  • Understanding and reviewing risk management frameworks, standards, and practices
  • Essentials of risk governance and legislation
  • Roles and responsibilities for security risk management
  • Articulating clear goals for enterprise risk management

Identifying Sources of Risk:

  • Understanding organizational assets, threats, vulnerabilities, and the residual risk that remains after controls
  • Knowledge of different types of security threats and attacks
  • Physical versus logical security
  • Network, database, and application level security
  • Understanding security risks in enterprise processes and employees
  • Emerging sources of risk: outsourcing, cloud, critical infrastructure, and cyber security
  • Technology projects, the SDLC and security risk planning

Dealing with Security Risks:

  • Anatomy of security threats and attack modeling
  • Security and the risk management life cycle
  • Quantitative vs. qualitative risk methodologies
  • Technical and non-technical risk management (security policies, standards, guidelines, and governance)
  • Mitigation strategies and developing response plans (IRP, DRP, and BCP)
  • Technology projects, the SDLC, and security risk design and management
  • Developing defense-in-depth
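The outline names quantitative and qualitative risk methodologies without showing either. The following is an added example (not course material and not code from ICTD) of both applied to one constructed scenario: the quantitative side uses the standard annualized loss expectancy formulas (SLE = asset value × exposure factor, ALE = SLE × ARO) and checks whether a control is cost-justified by comparing the drop in ALE against the control's annual cost; the qualitative side combines ordinal likelihood and impact ratings on a 3×3 matrix. The asset value, exposure factors, occurrence rate and control cost are assumed figures chosen for illustration.

```python
# Added example (not course material): the quantitative and qualitative risk
# scoring methods named in the outline, applied to a constructed scenario.
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    """One threat/asset pair expressed in quantitative terms."""
    name: str
    asset_value: float      # value of the asset, in currency units
    exposure_factor: float  # fraction of asset value lost per incident, 0..1
    aro: float              # annualized rate of occurrence (incidents per year)


def sle(r: Risk) -> float:
    """Single Loss Expectancy: loss from one incident."""
    return r.asset_value * r.exposure_factor


def ale(r: Risk) -> float:
    """Annualized Loss Expectancy: expected loss per year."""
    return sle(r) * r.aro


def control_benefit(before: Risk, after: Risk, annual_control_cost: float) -> float:
    """Net annual value of a control: (ALE before - ALE after) - control cost.

    `after` describes the residual risk once the control is in place.
    Positive means the control pays for itself; negative means the
    organization would spend more on the control than it removes in
    expected loss (the opportunity-cost question in the course objectives).
    """
    return ale(before) - ale(after) - annual_control_cost


# Qualitative scoring: ordinal likelihood and impact combined on a 3x3 matrix.
LEVELS = {"low": 1, "medium": 2, "high": 3}


def qualitative_score(likelihood: str, impact: str) -> tuple:
    """Return (likelihood x impact product, band) for a 3x3 risk matrix."""
    score = LEVELS[likelihood.lower()] * LEVELS[impact.lower()]
    if score >= 6:
        band = "high"
    elif score >= 3:
        band = "medium"
    else:
        band = "low"
    return score, band


def example_assessment() -> dict:
    """Constructed scenario (all figures are assumptions, not from the course):
    ransomware against a file server, before and after adding offline backups
    and endpoint detection."""
    # Assumed: one incident every two years, losing 40% of the asset's value.
    before = Risk("ransomware on file server", asset_value=500_000,
                  exposure_factor=0.4, aro=0.5)
    # Residual risk: same likelihood, but restoring from backup limits loss to 10%.
    after = Risk("ransomware on file server (backups + EDR)", asset_value=500_000,
                 exposure_factor=0.1, aro=0.5)
    control_cost = 40_000  # assumed annual cost of backups plus EDR
    return {
        "sle_before": sle(before),
        "ale_before": ale(before),
        "ale_after": ale(after),
        "net_benefit": control_benefit(before, after, control_cost),
        "qualitative": qualitative_score("high", "medium"),
    }


if __name__ == "__main__":
    for key, value in example_assessment().items():
        print(f"{key}: {value}")
```

In the constructed scenario the control removes 75,000 per year of expected loss at a cost of 40,000, so it is justified; the same function returns a negative value when a control costs more than the loss it avoids, which is the case a risk owner should be able to argue against spending on.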

Ongoing Management of a Secure Enterprise:

  • Review of your risk and security management program
  • Review of security policies, standards, guidelines, and procedures
  • Review of security and enterprise governance frameworks
  • Documentation of lessons learned
  • Security awareness, training, and education

Course Methodology

A variety of methodologies will be used during the course, including:

  • Case studies (30%)
  • Techniques (30%)
  • Role play (30%)
  • Concepts (10%)
  • Pre-test and post-test
  • Variety of learning methods
  • Lectures
  • Case studies and self-questionnaires
  • Group work
  • Discussion
  • Presentation

Who should attend

  • IT directors and IT managers
  • Information security core team members, or anyone with responsibility for, or an interest in, information security risk management
