This risk management course is specifically designed to guide a CISO in defining and implementing a risk management approach within an IS program. The course introduces the student to the most common approaches and practices used by organizations worldwide. It is not intended to cover risk outside of the IS enterprise (including financial and business risks).
Course Outline
Module 1: Introduction to Risk Management
Module 2: The Essentials of a Risk Management Program
Module 3: Risk Management Frameworks
Module 4: Risk Management Policies and Procedures
Module 5: Risk-Based Audits
Module 6: Third-Party Risk Management (TPRM)
Module 7: Risk Management Positions
Module 8: Risk Law
Module 9: Procurement Risk Management
Module 10: Risk Culture
Module 11: Future of Risk Management
Course Content
This risk management course covers the following main subject areas:
- Risk Management
- Risk Treatment
- Risk Management Frameworks
- Third-Party Risk Management
When the main subject areas are combined, they create an effective risk management program that establishes the foundation for protecting information and assets. The specific focus of this course doesn’t allow covering certain topics. Subject areas related to risk, such as threat and vulnerability management and information security controls, simply cannot be covered within the scope of this course.