COURSE OUTLINE
INFORMATION RISK MANAGEMENT AND COMPLIANCE
- Establish and maintain a process for information asset classification to ensure that measures taken to protect assets are proportional to their business value.
- Identify legal, regulatory, organizational and other applicable requirements to manage the risk of noncompliance to acceptable levels.
- Ensure that risk assessments, vulnerability assessments and threat analyses are conducted periodically and consistently to identify risk to the organization’s information.
- Determine appropriate risk treatment options to manage risk to acceptable levels.
- Evaluate information security controls to determine whether they are appropriate and effectively mitigate risk to an acceptable level.
- Identify the gap between current and desired risk levels to manage risk to an acceptable level.
- Integrate information risk management into business and IT processes (for example, development, procurement, project management, mergers and acquisitions) to promote a consistent and comprehensive information risk management process across the organization.
- Monitor existing risk to ensure that changes are identified and managed appropriately.
- Report noncompliance and other changes in information risk to the appropriate management to assist in the risk management decision-making process.
