COURSES CATALOG

IT Risk Management

DURATION

3 Days

LIST PRICE

43,500 Baht (Exclusive of VAT 7%)
Special Offer: Contact us

IT risk management is broader than information security risk management. While information security typically focuses on protecting confidentiality, integrity and availability of information, IT risk management also considers the effectiveness, efficiency, reliability and compliance of information systems and technology-enabled business processes.

In practice, organizations often expand their risk management perspective beyond information security once a certain level of security maturity has been established. At the same time, effective information security management itself relies heavily on sound risk management principles and practices.

This 3-day course is led by an instructor with experience in information technology, information security, governance, risk management and audit. The training material is based on internationally recognized standards and leading practices, including ISO 31000, ISO/IEC 27005, COBIT, and ISACA’s Risk IT Framework, and is organized into an easy-to-understand format. Practical workshops are included throughout the course to help participants analyze realistic risk scenarios, identify potential controls and understand how risk assessment and control activities are applied in day-to-day professional practice.

  • Understand fundamental risk management concepts and how they can be applied to information security and IT.
  • Understand the differences between information security risk and IT risk.
  • Understand the differences between asset-based and event-based risk assessment approaches.
  • Learn and participate in hands-on workshops covering the four major categories of IT risk.
  • Become familiar with relevant laws, regulations, standards, frameworks, and leading practices related to IT risk management.
  • Learn how to analyze regulatory-driven controls and identify the underlying risks and objectives they are designed to address.
  • Explore practical tools and techniques that support effective IT risk management activities.

Day 1

  • Information security vs IT risk
  • Risk management process
  • Asset-based approach vs event-based approach
  • Cyber and information security risks and controls
  • Workshop 1: information security risk analysis

Day 2

  • IT operation and service delivery risks and controls
  • Workshop 2: IT operation and service delivery risk analysis
  • IT program and project delivery risks and controls
  • Workshop 3: IT program and project delivery risk analysis
  • International standard and leading practice

Day 3

  • IT benefit/value enablement risks and controls
  • Workshop 4: IT benefit/value enablement risk analysis
  • Practical response to regulatory and compliance changes
  • Workshop 5: New regulatory requirements
  • Recommended resources for IT risk management
  • IT risk manager
  • Information security manager
  • IT manager
  • IT project manager
  • IT compliance
  • IT auditor