Course Outline


The syllabus includes training objectives, details of modules and learning hours, plus a recommended reading list:

The latest syllabus (PDF)

Summary outline:


1. The concepts and framework of information risk management

  • The need for information risk management (lifecycle of information)
  • The context of risk in organisations

2. Information risk management fundamentals

  • The fundamentals of information security
    • confidentiality, integrity, availability (CIA)
    • accountability, nonrepudiation, authenticity, privacy, secrecy, identification, resilience and reliability
    • differences between information security, cyber security, information risk management and information assurance
  • Information risk management standards and good practice guides
  • The process of information risk management
    • The four stages of information risk management, covering context establishment; risk assessment (risk identification, risk analysis, risk evaluation and risk treatment); communication and consultation; and monitoring and review
    • Risk management methodologies
  • Information risk terms and definitions
    • The meaning of the terms threats, hazards, vulnerabilities, proximity, likelihood, probability and risk
    • The strategic risk treatment options, including risk avoidance or termination; risk reduction or modification; risk transference or sharing; risk acceptance or tolerance and risk retention

3. Establishing an information risk management programme

  • The requirements of an information risk management programme
    • The Plan-Do-Check-Act model, also known as the Deming Cycle
  • The development of a strategic approach to information risk management
  • The principles of information classification

4. Risk identification

  • The process to identify information assets (tangible and intangible)
  • Conduct a business impact analysis
  • Conduct a threat and vulnerability assessment

5. Risk assessment

  • Undertake a risk analysis
    • The differences between, and the appropriate use of, qualitative, quantitative and semi-qualitative risk analysis
    • The difference between generic and specific risk analyses
    • The construction and use of a risk matrix
  • Conduct risk evaluation

6. Risk treatment

  • Explain risk treatment options, controls and processes
    • The four strategic risk treatment options: risk avoidance or termination; risk reduction or modification; risk transference or sharing; risk acceptance or toleration and risk retention
    • The purpose of tactical risk treatment controls: prevention; detection; correction; direction; elimination; impact minimisation; monitoring and awareness; deterrence and recovery
    • The three types of operational risk treatment controls: procedural/people; physical/environmental and technical/logical
  • Explain the use of a risk treatment plan

7. Monitor and review

  • Explain information risk monitoring
  • Undertake an information risk review

8. Presenting risks and business case

  • Report and present the progress of a risk management programme
  • Present a business case


NobleProg is a BCS Accredited Training Provider.

This course will be delivered by an expert NobleProg trainer approved by BCS.

The price includes delivery of the full course syllabus by an approved BCS trainer and the BCS CIRM exam (which can be taken remotely in your own time and is invigilated centrally by BCS). Subject to successfully passing the exam (multiple choice, requiring a score of at least 65% to pass), participants will hold the accredited BCS Practitioner Certificate in Information Risk Management (CIRM).

Requirements

There are no formal entry requirements; however, delegates will require an understanding of information assurance.

It will be advantageous for candidates to have an understanding of the laws that affect information risk management, such as Data Protection or Freedom of Information regulation. This qualification has been designed for Information Risk Managers and all those who have responsibility for managing information, whether in the public or the private sector.

  35 Hours