IT Security C&T

IT Risk Management


Course Overview 

IT Risk Management is the identification, assessment, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives, whether positive or negative) followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities. IT Risk Management training builds the capability to identify and assess risks and to propose the appropriate mitigation option in order to minimize the level of risk exposure. During the training, attendees are introduced to the methods and best practices for implementing a sound risk management solution in the organization by following an appropriate risk approach, which provides a systematic way to manage the identified risks and to implement the right solution across the entire information asset lifecycle. This is a 5-day training with hands-on, practical exercises that will enable the users to develop and implement the risk management solution on all of the organization's information assets.

Upon Completion

Students will get knowledge in:

  • IT Risks Framework  
  • Conducting BIA
  • Develop a Risk Methodology
  • Building Risk Library
  • Identify Risk Calculation Methods


Course Content


Risk Assessment Introduction

  • Risk Assessment Introduction
  • Business and Financial Risk
  • Definitions
  • CIA
  • Risk Frameworks
  • Risk Assessment Types
  • Roles and Responsibilities
  • Risk Awareness
  • Risk Assessment Methods
  • Risk Assessment Plan


RA Requirements

  • Introduction
  • Risk Types
  • Risk Analysis Requirements
  • Risk Analysis Team
  • Risk Analysis Questionnaire
  • Root cause analysis


Building RM module

  • ISO 27000 Series
  • ISO 27001 Controls
  • Applicable Controls Selection
  • Cost Benefit Analysis
  • Controls Gap Analysis
  • Information Gathering
  • Controls Level of Implementation
  • Building Risk Assessment Module


Risk Calculation

  • Information Security Risk
  • Risk Factors
  • Risk Models
  • Risk Calculation Formula
  • Risk Calculation Approach
  • Risk Rating
  • Acceptable Risk
  • Residual Risk
  • Risk Assessment Model
  • Risk Assessment Template


Risk Assessment Elements

  • Risk Assessment Documentation
  • Scope Definition
  • Asset Register 
  • Qualitative and Quantitative
  • BIA


Risk Library

  • Threats
  • Threats valuation
  • Vulnerabilities
  • Vulnerabilities valuation
  • Risk Library


RA implementation

  • RA is a Security Program
  • Risk Management Process
  • Information Gathering
  • BIA
  • Threat Assessment
  • Controls Selection
  • Controls Implementation
  • Risk Acceptance
  • Risk Reporting
  • Risk Follow up



  • RA Reports Types
  • RA Reports Characteristics
  • RA Reports Owners and Viewers
  • RA Statistics


Course Title: Information Technology Risk Management (ITRM)

Duration: 5 days, 40 Hrs

Class Format Options:

  • Instructor-Led Training 
  • Classroom

Who Should Attend:

  • Information Security Officers and Security Administrators interested in enhancing their security skills and becoming more familiar with methods and techniques of conducting Risk Assessment and Mitigation.
  • Graduate Students of CS, Engineering and MIS fields who are interested in getting hands-on experience in the field of computer and network security.
  • Anyone who is preparing for key industry security certifications such as ISO 27001.

Prerequisites: Information Security Foundation


