IT & Cybersecurity Risk Management («RISK»)
Course facts
- Having a sound knowledge of the central concepts, principles and definitions of IT and cyber risk management
- Understanding the most important requirements for risk management within the framework of an ISMS (e.g. according to ISO/IEC 27005)
- Knowing the relevant approaches, methods and techniques for identifying, evaluating and handling risks
- Analysing threat situations, identifying assets and classifying risks systematically
- Performing cyber risk assessments in practice and making well-founded decisions to minimise risks
In the training, you will learn how to establish and operate effective risk management in IT and cybersecurity in a practice-orientated way using current examples.
The contents at a glance:
1 Introduction to Risk Management: Terms, principles and benefits for organisations – with psychological aspects of risk perception
2 Why Risk Management: Importance and added value for organisations, typical sources of error and success factors
3 Analysing the threat situation: Global cyber threats, situation reports, practical tools and sources
4 Identify assets & classify risks: Asset identification, risk types and risk classification based on importance and criticality
5 Conduct Cyber Risk Assessments: Methods such as:
- Compliance-based risk analyses
- Threat modelling
- Analysis of attack routes
6 Risk Management in the ISMS context: Application of international norms and standards such as ISO/IEC 27005, NIST Framework
7 Dealing with risks in digital business models: New requirements due to digitalisation and dynamic IT environments
Interactive exercises, case studies and discussions specifically support the transfer of learning into practice.
This course is designed for Chief Information Security Officers in small and medium-sized companies, IT managers and CxO functions with an interest in or need for information security.
Activity as security officer or information security officer and practical/professional experience in IT security.