Course Overview

The ability to accurately analyse, assess and manage the risk to business information systems has always been the central issue in information security. The increasing emphasis on corporate governance, and compliance with standards such as ISO 27001 and BS 25999, has further underlined the importance of knowing and managing risk. This course has been classified as IT Technical Training.

Audience

- Security and risk management practitioners involved in the practical implementation of risk analysis and management for information systems.
- Business managers and risk decision makers who need a good understanding of information risk analysis, assessment and management disciplines in order to make business risk decisions aligned with corporate governance principles.

Skills Gained

This course will equip delegates with the skills to:
- Carry out a business impact analysis (BIA)
- Carry out a threat & vulnerability assessment
- Identify risks that require treatment and recommend suitable controls
- Produce a Risk Report and Treatment Plan for business managers
- Produce (or improve) an Information Classification scheme.

Examinations

This course covers the BCS/ISEB Practitioner Certificate in Information Risk Management for Information systems and closely follows the approaches recommended in the ISO/IEC 27001 and BS 7799-3 Standards. The course will enable delegates to confidently sit the BCS/ISEB Practitioner Certificate in Information Risk Management examination.

Prerequisites

Candidates should ideally have at least 2 years' experience in information security and risk management. An understanding of information security standards such as ISO/IEC 27002, ISO/IEC 27001 and BS 7799-3 would be beneficial, as would attendance on the Certificate in Information Security Management Principles course (or similar).

Course Outline

Introduction

Concepts and importance of information risk management
- The need for information risk management
- The context of risk in the business
- Review of information security fundamentals.

The information risk management environment
- Developing an information risk management strategy
- Information risk management, risk assessment and risk treatment
- Information and related assets
- Information risk management terminology.

Stages of information risk management
- Setting the scope
- Business impact analysis
- Threat and vulnerability assessment
- Risk determination
- Information risk management controls.

Action and implementation

Information risk management methodologies
- Risk reporting and presentation
- Decision making
- Risk treatment
- Risk monitoring.

Information classification schemes
- Classification process
- Classification issues
- Typical classification schemes.
This training course is presented on behalf of CourseMonster by an ISEB accredited training provider.
How to make a booking for the PCIRM course