This course will provide a basic awareness of the principles of technical risk assessment, risk treatment and risk management. It is relevant to both HMG organisations and to supply chain companies delivering to HMG contracts. The course is related to other QA security training and builds on the ’Foundations of Information Assurance for HMG’ course and explains in greater depth how risk management can be conducted in government organisations and in supply chain companies.
It also links to the course ’Introduction to Accreditation’ which explains the role of the HMG accreditor in the risk management process. This course contributes to the attainment of the CESG Certified Professional Scheme (CCPS) and the following specific CCP roles at the Practitioner level.
The course emphasises that information risk management is part of overall business risk management. It explains the benefits of a common methodology and language for risk management but stresses that a rigid adoption of a process model is often not appropriate and that each aspect of risk management must be considered in the context of the business requirements and its appetite for risk.
The course objectives are:
This course is aimed at delegates with a basic knowledge of Information Assurance. Ideally, delegates should have some understanding of business risk management and security topics in general.
The course will benefit:
Support for CESG Certified Professional
This course contributes to the attainment of the CESG Certified Professional Scheme (CCPS) and the following specific CCP roles at the Practitioner level:
Security and Information Risk Advisor, IA Auditor, Accreditor, IT Security Officer, Security Architect, Penetration Tester, Communications Security roles.
The course supports CCP Level 1: Awareness (understands the skill and its application). It provides skills against the following competencies used in the CCP assessment process:
A1: Governance, A2: Policy and Standards, B1: Risk Assessment, B2: Risk Management, D1: IA Methodologies, G1: Audit and Review.
IISP Skills Alignment
This course is aligned to the following Institute of Information Security Professionals (IISP) Skills. More details on the IISP skills framework can be found here.
Continuous Professional Development (CPD)
CPD points can be claimed for GCT accredited courses at the rate of 1 point per hour of training for GCHQ accredited courses (up to a maximum of 15 points).
At the end of this course you will be able to:
This course is delivered in 1 day
This is a high level overview of the principles of risk management that can be applied to any business context – HMG or commercial. It explains what the principles are and how they can be applied generically. This part of the course identifies how risk assessment, risk treatment and risk management can be conducted but doesn’t specify any particular methodologies or provide working examples of any methodology.
Information Assurance Risk Management
Module 1: Introduction and Review of Information Assurance
Module 2: What is Information Assurance Risk Management?
Module 3: How is Information Assurance Risk Management Conducted?
Module 4: Risk Treatment, Assurance and Management
Students should have attended the ’Foundations of Information Assurance for HMG’ course or have an equivalent level of knowledge. Students should also have general familiarity with HMG security policy.
Recommended pre-reading: The latest version of the Security Policy Framework