Course Description:
I. Learning Objectives
IT Risk Governance is the responsibility of the board of directors and senior leadership. Its objectives are strategic and focus on establishing a framework and clear direction for how the organization will approach IT risk.
IT Risk Management is an operational function, typically carried out by IT and security teams under the direction set by governance. Its objectives are tactical and focus on the practical application of the governance framework.
Upon successful completion of this course, participants will be able to:
Foundational Concepts & Principles
• Define IT risk and articulate its significance in the context of achieving business objectives and maintaining organizational value.
• Differentiate between core terminology, including asset, threat, vulnerability, likelihood, impact, and control.
• Explain the essential principles of IT risk management, such as its continuous nature, its integration into decision-making, and its role in creating and protecting value.
• Describe the primary benefits of a formal IT risk management program, including improved decision-making, enhanced security posture, and regulatory compliance.
The IT Risk Management Process
• Outline the key phases of the IT risk management lifecycle: risk identification, risk analysis, risk evaluation, and risk treatment.
• Identify common IT risks across various domains, such as infrastructure, cybersecurity, data, software development, and human factors.
• Assess IT risks by evaluating their potential impact and likelihood using common qualitative and quantitative techniques.
• Develop a basic risk register to document and track identified risks, their characteristics, and their status.
Governance & Frameworks
• Recognize prominent IT risk management frameworks and standards (e.g., ISO 31000, NIST Risk Management Framework, COBIT) and describe their primary purpose.
• Define the concepts of risk appetite and risk tolerance, and explain how they guide an organization's response to risk.
• Explain the four primary risk treatment strategies (mitigate, accept, transfer, avoid) and select an appropriate strategy for a given scenario.
• Identify the typical roles and responsibilities for IT risk management within an organization, from senior leadership to technical staff.
Communication & Application
• Explain the importance of continuous risk monitoring and review in a dynamic and evolving threat landscape.
• Articulate IT risk concepts and their potential business impact clearly to both technical and non-technical stakeholders.
• Apply the fundamental principles and core concepts of IT risk to analyze a basic real-world or hypothetical business case.
COURSE FEE:
ISACA Member Php9,975.00
Non-Member Php14,175.00
Fees are subject to 12% VAT