This risk management course is specifically designed to guide a CISO in defining and implementing a risk management approach within an IS program. The course introduces the student to the most common approaches and practices used by organizations worldwide. It is not intended to cover risk outside of the IS enterprise (including financial and business risks).


Course Outline

Module 1: Introduction to Risk Management

Module 2: The Essentials of a Risk Management Program

Module 3: Risk Management Frameworks

Module 4: Risk Management Policies and Procedures

Module 5: Risk-Based Audits

Module 6: Third-Party Risk Management (TPRM)

Module 7: Risk Management Positions

Module 8: Risk Law

Module 9: Procurement Risk Management

Module 10: Risk Culture

Module 11: Future of Risk Management


Course Content

This risk management course covers the following main subject areas:


Risk Management

  • Risk Treatment
  • Risk Management Frameworks
  • Third-Party Risk Management


When the main subject areas are combined, they create an effective risk management program that establishes the foundation for protecting information and assets. The specific focus of this course doesn't allow covering certain topics. Subject areas related to risk, such as threat and vulnerability management as well as information security controls, cannot be covered within the scope of this course.

Risk Management Approach and Practices | RM