This course will provide a basic awareness of the principles of technical risk assessment, risk treatment and risk management. It is relevant to both HMG organisations and to supply chain companies delivering to HMG contracts.
The course is a second day for the Information Assurance Risk Management for HMG 'CourseMonsterIARMHMG' course and explains in greater depth how risk management, specifically IS1 & 2, can be conducted in government organisations.
It also links to the course 'Introduction to Accreditation', which explains the role of the HMG accreditor in the risk management process.
This part of the course uses a scenario-based approach with instructor-led group and individual exercises to practise the risk management methodology.
The course objectives are:
- To explain the principles of risk assessment, risk treatment and risk management as implemented in HMG organisations.
- To describe the available methods for completing a basic risk assessment.
- To enable delegates to understand the application of security controls to risks and the importance of adequate assurance.
- To explain how risk management can be conducted in the context of the business.
The course emphasises that information risk management is part of overall business risk management. It explains the benefits of a common methodology and language for risk management but stresses that a rigid adoption of a process model is often not appropriate and that each aspect of risk management must be considered in the context of the business requirements and its appetite for risk.