Course Outline
The syllabus includes training objectives, module details, learning hours, and a recommended reading list:
Summary outline:
1. Concepts and Framework of Information Risk Management
- The necessity for information risk management within the lifecycle of information
- The context of risk in organizational settings
2. Fundamentals of Information Risk Management
- Key principles of information security
- Confidentiality, integrity, and availability (CIA)
- Accountability, nonrepudiation, authenticity, privacy, secrecy, identification, resilience, and reliability
- Differentiating between information security, cyber security, information risk management, and information assurance
- Standards and best practices for information risk management
- The process of information risk management
- The four stages: context establishment; risk assessment (risk identification, analysis, evaluation, and treatment); communication and consultation; and monitoring and review
- Risk management methodologies
- Information risk terminology and definitions
- Definitions of threats, hazards, vulnerabilities, proximity, likelihood, probability, and risk
- Strategic options for risk treatment: avoidance or termination; reduction or modification; transference or sharing; acceptance or tolerance; and retention
3. Establishing an Information Risk Management Program
- Requirements for an information risk management program
- The Plan-Do-Check-Act (PDCA) model, also known as the Deming Cycle
- Developing a strategic approach to information risk management
- Principles of information classification
4. Risk Identification
- The process for identifying information assets (both tangible and intangible)
- Conducting a business impact analysis
- Performing threat and vulnerability assessments
5. Risk Assessment
- Conducting risk analysis
- Differences between qualitative, quantitative, and semi-qualitative risk analysis and their appropriate use
- Distinguishing between generic and specific risk analyses
- Constructing and using a risk matrix
- Conducting risk evaluation
6. Risk Treatment
- Explaining risk treatment options, controls, and processes
- The four strategic risk treatment options: avoidance or termination; reduction or modification; transference or sharing; acceptance or tolerance; and retention
- Purposes of tactical risk treatment controls: prevention; detection; correction; direction; elimination; impact minimization; monitoring; awareness; deterrence; and recovery
- Types of operational risk treatment controls: procedural/people; physical/environmental; and technical/logical
- Using a risk treatment plan
7. Monitoring and Review
- Explaining information risk monitoring processes
- Conducting an information risk review
8. Presenting Risks and Business Cases
- Reporting and presenting the progress of a risk management program
- Presenting a business case for risk management initiatives
NobleProg is an accredited training provider by BCS.
This course will be delivered by an expert NobleProg trainer approved by BCS for government.
The price includes the full delivery of the course syllabus by an approved BCS trainer and the BCS CIRM exam (which can be taken remotely at a time convenient to the participant and is centrally invigilated by BCS). Subject to successfully passing the exam (a multiple-choice format requiring a score of at least 65% to pass), participants will receive the accredited BCS Practitioner Certificate in Information Risk Management (CIRM) for government.
Requirements
Testimonials (4)
Really enjoyed the topics covered and the way that the trainer ran the session
Richard
Course - BCS Practitioner Certificate in Data Protection
The trainer was helpful..
Attila - Lifial
Course - Compliance and the Management of Compliance Risk
1. The BCS test exam questions were often incoherent or not related to the syllabus - which appears to be a trait of BCS course and exams 2. the subject matter was taught reading powerpoint slides full of text - the BCS should be providing at least some diagrammatic content and other visual aids especially as many people learn in very different ways - more than just reading text.
john - UKHO
Course - BCS Practitioner Certificate in Information Assurance Architecture (CIAA)
Speed of response and communication