The Information Security Risk Assessment course is a 3 day workshop developed in response to the demands of company owners, executives, directors, and managers keen to improve the effectiveness of their information and asset protection programmes and increase the relevance of risk assessment output produced by security personnel.
An effective risk assessment is the foundation on which an information security management system is built and the reason the system keeps improving: it justifies security investment and gives management control over which risks are accepted and which are not. A poor risk assessment can lead to underinvestment in the protection of critical assets, overinvestment in the protection of low-risk assets, results that senior management ignores, security decisions taken without supporting evidence, and a misunderstanding of the real threat environment that leaves critical assets exposed.
This course has been developed based on BS 7799-3 guidelines for information security risk assessment and the ISO/IEC 27001 specification for an information security management system and provides an in-depth look at what security risk assessment is really all about and how it can be used effectively as a management tool for assisting the decision making process regarding information security in your organisation.
Course Objectives
The objective of this training is to give those involved in the information security risk assessment process the tools, knowledge, and skills to deliver risk assessment results that are based on the business requirements for information security and in line with internationally accepted best practice.
Target Audience
This course has been designed and is appropriate for the following groups: CIO, CISO, ISMS staff, information security professionals, security officers, security auditors, risk management professionals, consultants, managers of information security staff, and managers with an overall responsibility for information security within their organisation.
Course Content
Students attending the Information Security Risk Assessment workshop will cover the following topics and acquire the associated skills and competencies:
- Interacting with management and interpreting requirements
- Defining the scope
- Supporting management direction with policy
- Selecting a risk assessment methodology
- Developing risk acceptance criteria
- The process approach
- ISO/IEC 27001 and BS 7799-3
- Identifying information and supporting assets within the defined scope
- Valuing assets
- Identifying vulnerabilities
- Identifying and analysing threats
- Risk prioritisation
- Risk treatment planning
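The steps from asset valuation through risk prioritisation and treatment planning are easier to grasp when carried through on a small register. The following is an added illustration, not course material and not a method prescribed by BS 7799-3 or ISO/IEC 27001: the 1 to 5 scales, the multiplicative score, the acceptance threshold of 40 and the sample assets and threats are all assumptions chosen for the example.

```python
"""Qualitative risk register (added example, not course material).

Assumptions made for illustration: asset value, likelihood and vulnerability
severity are each rated 1..5; risk score is their product; any score above
ACCEPTANCE_THRESHOLD is unacceptable and must be treated. All sample assets,
threats and ratings below are constructed.
"""
from dataclasses import dataclass

# Assumed risk acceptance criterion agreed with management: scores above this
# value must be treated, scores at or below it may be accepted (retained).
ACCEPTANCE_THRESHOLD = 40


@dataclass
class Asset:
    name: str
    confidentiality: int  # business impact if disclosed, 1 (low) .. 5 (critical)
    integrity: int        # business impact if corrupted
    availability: int     # business impact if unavailable

    def value(self) -> int:
        # Asset value is the worst-case impact across C, I and A.
        return max(self.confidentiality, self.integrity, self.availability)


@dataclass
class Risk:
    asset: Asset
    threat: str
    vulnerability: str
    likelihood: int  # how likely the threat is to occur, 1 (rare) .. 5 (almost certain)
    severity: int    # how badly the vulnerability exposes the asset, 1 .. 5

    def score(self) -> int:
        # Risk = asset value x threat likelihood x vulnerability severity (assumed model).
        return self.asset.value() * self.likelihood * self.severity


def build_register() -> list[Risk]:
    """Constructed sample register covering four assets inside an assumed scope."""
    customer_db = Asset("customer database", 5, 4, 4)
    payroll = Asset("payroll file server", 4, 5, 3)
    website = Asset("marketing website", 1, 3, 3)
    printer = Asset("office printer", 1, 1, 2)
    return [
        Risk(customer_db, "external attacker", "SQL injection in web front end", 4, 4),
        Risk(payroll, "ransomware", "staff open phishing attachments", 4, 3),
        Risk(website, "defacement", "unpatched CMS", 3, 4),
        Risk(printer, "hardware failure", "no spare unit", 3, 2),
    ]


def prioritise(risks: list[Risk], threshold: int = ACCEPTANCE_THRESHOLD):
    """Rank risks highest first and decide, per the acceptance criterion,
    whether each must be treated or may be accepted."""
    ranked = sorted(risks, key=lambda r: r.score(), reverse=True)
    return [
        (r, r.score(), "treat" if r.score() > threshold else "accept")
        for r in ranked
    ]


def treatment_plan(ranked) -> list[str]:
    """One line per risk that exceeds the acceptance criterion; the plan lists
    what must be reduced, so management can fund controls or knowingly accept."""
    return [
        f"{r.asset.name}: {r.threat} via {r.vulnerability} (score {score})"
        for r, score, decision in ranked
        if decision == "treat"
    ]


if __name__ == "__main__":
    ranked = prioritise(build_register())
    for risk, score, decision in ranked:
        print(f"{score:>3} {decision:<6} {risk.asset.name}: {risk.threat}")
    print("Treatment plan:")
    for line in treatment_plan(ranked):
        print(" -", line)
```

The point of the example is the separation of concerns that the course steps describe: asset values come from the business owners, likelihood and severity from the security team, and the threshold from management before any scoring is done, so the ranking and the treat/accept decisions follow from agreed criteria rather than from the assessor's judgement on the day.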
Method of Instruction
The method of instruction includes a balanced mixture of classroom lecture and practical hands-on exercises designed to teach students important theoretical concepts as well as their practical application within an information security management framework.