BCS Practitioner Certificate in Information Risk Management — A 5-day course
This course covers the BCS/ISEB Practitioner Certificate in Information Risk Management for information systems and closely follows the approaches recommended in the ISO 27001 and ISO 27005 Standards.
By the end of the course, delegates will have a detailed understanding of all the key components of risk management, and be able to return to their organisation and make a significant contribution to the risk management process.
The course will enable delegates to confidently sit the BCS Practitioner Certificate in Information Risk Management examination which is taken on the last afternoon of the course.
On completion of this course delegates will be able to:
- Conduct a risk analysis, including business impact analyses and vulnerability assessments
- Explain how the management of information risk will bring about business benefits
- Explain and make full use of information risk management terminology
- Explain the importance of control selection and risk treatment
- Evaluate risks and present the results in a way which will form the basis of a risk treatment plan
Concepts and Importance of Information Risk Management
- The need for risk management
- The context of risk in business
- Review of information security fundamentals
- The use of international information risk management standards, e.g. ISO/IEC 27001, BS 7799-3
The Information Risk Management Environment
- Developing an information risk management strategy
- Information, risk assessment, risk treatment and risk management
- Definitions of information risk management terminology
Stages of Information Risk Management
- Setting the scope
- Business impact analyses
- Threats, vulnerabilities and likelihood assessments
- Risk determination
- Risk management controls
Action and Implementation
- Information risk management methodologies
- Reporting and presentation
- Decision making
- Risk treatment
- Risk monitoring
Information Classification Schemes
- Classification process
- Classification issues
- Typical classification schemes
- Why conduct a risk assessment?
- Scoping a risk assessment
- Conducting a business impact analysis
- Vulnerability information gathering
- Vulnerability and threat identification
- Categorisation of threats
- Linking threats to asset types
- Assessing threat likelihood
- Assessing vulnerability of assets to threats
- How to calculate risk
- Risk determination
- Produce recommendations for risk treatment
- Producing a report for management
- Different risk appetites
- Producing a risk treatment plan
- Assessing risks in outsourcing
Publicly scheduled dates, locations, and prices
A schedule of dates for this subject is not currently available. Please call 0333 210 0140 or use our contact form to enquire about places and availability.
The course will primarily benefit those involved in information security or audit, and those engaged in the implementation and operation of formal information risk management, including those responsible for PCI DSS or any other corporate governance compliance requirement.
Candidates should ideally have at least 2 years' experience in information security and risk management.
An understanding of information security standards, such as ISO 27001, ISO 27002 and ISO 27005, would be beneficial, as would attendance on the Certificate in Information Security Management Principles course (or similar).
The course fee includes sitting the BCS Practitioner Certificate in Information Risk Management examination. The 3-hour examination will comprise:
- Section 1: 10 multiple choice questions and 6 short answer questions
- Section 2: 3 scenario-based essay-style questions
Students will need to obtain a pass mark of at least 65% in Section 1 and an overall pass mark of 65% or more to pass the exam.