Course not currently available
PCIRM - Practitioner Certificate in Information Risk Management Training Course
Type: Course
Methodology: Online
Description:
The Practitioner Certificate in Information Risk Management (PCIRM) provides security practitioners with a comprehensive and highly practical course enabling them to develop a business-focused information security and governance risk strategy. It closely follows the approaches recommended in the ISO 27001 and ISO 27005 standards. The five-day course prepares delegates to confidently sit the BCS/ISEB Practitioner Certificate in Information Risk Management examination.
Target Audience:
Information security and governance practitioners
Internal IT auditors
Staff from within compliance and operational risk functions
IT managers and senior staff
Project managers and others responsible for designing security into information systems.
Objectives:
On completion of this course delegates will be able to:
develop an information risk management strategy
conduct threat, vulnerability and likelihood assessments, business impact analyses and risk assessments
explain how the management of information risk will bring about significant business benefits
explain and make full use of information risk management terminology
explain the principles of controls and risk treatment
present results of the risk assessment in a format which will form the basis of a risk treatment plan
explain and produce information classification schemes
confidently sit the ISEB examination
About this course
Candidates should ideally have one to two years' experience in information security and be looking to become increasingly involved in the risk management process within their organization. An awareness of information security standards such as ISO 17799 and ISO 27001 would be beneficial, as would attendance on the Certificate in Information Security Management Principles course.
Subjects
- Risk Assessment
- Risk
- Staff
- Risk Management
- Governance
- Approach
- ISO
- Project
- Systems
- IT risk
- Operational Risk
- Risk Strategy
Course programme
In this section of the syllabus, delegates will explore the overall concept of risk management and how it is used in the context of information risk.
1.1 The need for information risk management
1.2 The context of risk in the organisation
This section of the syllabus examines the information risk management environment and terminology in greater detail.
2.1 Review of information security fundamentals
2.2 The use of information risk management standards and good practice guides
2.3 The process of information risk management
2.4 Terms and definitions
This section of the syllabus examines the requirements for an information risk management programme, the strategic nature of its approach and the need for information classification.
3.1 The information risk management programme requirements
3.2 Development of the strategic approach to information risk management
3.3 Information classification
This section of the syllabus examines the first part of the information risk management programme, and deals in greater detail with the identification of information risk.
4.1 Identification of assets
4.2 Business impact analysis
4.3 Threat and vulnerability assessment
This section of the syllabus deals with how risks are analysed and evaluated, how the results are recorded and prioritised and how appropriate controls may be selected.
5.1 Risk analysis
5.2 Risk evaluation
5.3 Options for risk management control
This section of the syllabus covers the process for reporting and presenting the results of the risk assessment process and for gaining senior management approval to apply the appropriate controls.
6.1 Risk reporting and presentation
6.2 Business cases
6.3 Risk treatment plans
7.1 Information risk monitoring
7.2 Information risk review