This instructor-led course introduces the concept of cyber security risk management for the Government of Canada (GC). The course is based on the principles and practices detailed in the guidance document “IT Security Risk Management: A Lifecycle Approach” (ITSG-33). It focuses on the high-level processes in Annex 1 which identify business needs for security and define the IT security risk management environment. It also provides a brief overview of the Information System Security Implementation Process (ISSIP). Scenario-based discussions and exercises are included to support situating the processes within a departmental context. Upon completing this course, participants will be familiar with the risk management process, methodology, and key concepts.
Note: This course is part of the boot camp 910 - IT Security Risk Management. As a result, you are not required to register for this course if you are planning to register for the boot camp.
- Apply IT risk management within a GC context as defined in CSE guidance ITSG-33
- Identify the initial steps to integrating risk management guidance within your department/agency
Project/Program Managers, IT Security Designers, Architects, Engineers, and Managers.
Prior to attending, participants should have a working knowledge of GC Security Risk Management. To satisfy this requireement, we recommend participants take course 601 - Introduction to IT Security Management.