IT Risk Management and Cybersecurity Frameworks

ACI Learning
Training overview
4 days
Next start date: Inquire for dates and prices - Worldwide
Professional Course

Course description

IT Risk Management and Cybersecurity Frameworks

This course focuses on risk identification, conducting risk assessments, determining appropriate risk responses, risk monitoring and risk reporting. Students review common risk assessment types and methodologies, and regulatory requirements.

COVID-19 Update

In light of COVID-19, this provider is now delivering some or all of their courses online. Contact them for more information!

Who should attend?

Information Security and IT Professionals and auditors looking to gain greater knowledge on how to perform an IT Risk Assessment and develop a strong IT Risk Management program.


Fundamentals of Information Security-ISG101

Training content

Introduction to Risk Management:

  • the risk management process: risk identification; analysis; evaluation; response; monitoring and reporting
  • how the information risk management process fits into the information security/cybersecurity program
  • data retention policy
  • information classification schema
  • data privacy program
  • who are the critical stakeholders/partners in the information risk management process and their roles in a risk management program
  • the changing threats associated to moving from centralized to decentralized information processing and storage

IT Risk Identification and Risk Universe:

  • identifying assets in an information risk analysis
  • dealing with emerging threats
  • determining the value of an asset to an enterprise
  • prioritizing, categorizing, and documenting information risks
  • uncovering information vulnerabilities

Risk Scenario Development:

  • facilitating scenario development exercises
  • determining scenario types: generic, strategy oriented or both
  • determining scenario components

Risk Analysis:

  • the risk analysis cycle and its components
  • management's concerns and perception of the information risk analysis process types of information risk analysis: quantitative vs. qualitative approach
  • software tools for performing the information risk analysis process
  • defining information risk analysis targets and scope
  • statements that create boundaries for the information risk analysis process
  • the information owner's role in the information risk analysis process

Risk Evaluation:

  • define the risk evaluation process and its components
  • determining and dealing with management's concerns and perception of the information risk analysis results
  • describing the information owner's role in the information risk evaluation process

Business Impact Analysis Overview:

  • describing the business impact analysis (BIA) process:
  • describing the business impact analysis (BIA) process
  • using the BIA as the key to a successful data security program
  • determining key stakeholders to be included in the business impact analysis process and the role each one plays
  • overview of plan facilitation
  • administrative information required in the action plan
  • identifying " impact criteria" and their importance to the organization
  • pinpointing key business processes and peak activity periods
  • developing algorithms to calculate business losses
  • making your BIA Exercise multi-purpose
  • creating the prioritized applications list
  • building organizational disaster recovery and business continuity plans using the business impact analysis results

Risk Response:

  • administrative information required in the action plan
  • logging risk and control information
  • creating action items in response to identified controls based on BIA or threat analysis results

Cost Benefit Analysis and Business Case:

  • developing a cost benefit analysis (CBA) and business case as the basis for determining the action plan to be presented to management for approval
  • methods for distributing and protecting the risk assessment results and associated action plan
  • evaluating the controls during the information risk analysis
  • determining the cost of control based on risk
  • categorize and document information controls for a total program
  • purpose and benefits of performing CBA and developing a business case
  • developing a cost benefit analysis
  • developing action plans
  • arriving at an "acceptable level of risk"

Control Development:

  • using the action plan to create assignments, schedules, and approvals
  • importance of project management good practices
  • developing and testing controls
  • importance of involving auditing and business owners in the process

Risk Monitoring and Reporting:

  • tracking action plans: start to finish (risk register development and maintenance)
  • conducting periodic threat analysis exercises after there are infrastructure changes, regulatory changes that may impact technology related controls or policies and after a security incident or outage
  • developing and monitoring key risk indicators and reacting when thresholds are exceeded

Course delivery details

Bring this course to your organization at your convenience. ACI Learning can deliver this instructor-led course for your team at a chosen location or virtually. Alternatively, choose the topic(s) you need and ACI will craft a training solution to keep your team future-proof.

Certification / Credits

NASBA Certified CPE: 32 Credits Auditing

  • IT Audit Certificate
  • Risk and Compliance Certificate
  • Information Security Certificate

What You'll Learn

You will learn the different types of risk assessments and how to satisfy regulatory requirements regarding IT risk management.

About ACI

ACI Learning

At ACI Learning, we train leaders in Cybersecurity, Audit, and Information Technology. Whether you're starting your IT career, mastering your profession, or developing your team, we're with you every step of the way. We believe that training is not a...

Read more and show all training delivered by this supplier

Contact info

ACI Learning

 Show phone number


Average rating 5

Based on 1 reviews.

Bernard Dixon
I am currently enrolled in this course, it is alot of information in a short period of time. They do provide various ways of obtaining the information besides the lectures and slides in class. I was contacted by Jay! Who is a recruiter and advisor for the school. He walked me through the process from beginning until the first day of class, and ...
Show more
View again
Supplier Directory
Join our Supplier Directory to:
- Gain Traffic
- Get Noticed
- Showcase Your Services
- Free Listing Available