About the course
URM is the most experienced and successful provider of the PCIRM Course in the UK and was the first organisation to have an information risk management course be certified as part of the GCHQ's Certified Training (GCT) Scheme.
The course, which is delivered by trainers with practitioner backgrounds, leans heavily on practical exercises to provide you with extensive hands-on experience of all the key components of the risk management process. The course makes full use of current and relevant international standards such as the ISO 27001 Information Security Standard, as well as ISO 31000 and ISO 27005.
You will gain invaluable experience in conducting an information risk assessment including business impact analyses and threat and vulnerability assessments. You will also learn the importance of evaluating risks, selecting controls and presenting results in a way which will form the basis of a risk treatment plan.
The course will primarily benefit those involved in information security, audit and those engaged in the implementation and operation of formal information risk management, including those charged with PCI DSS compliance and any corporate governance compliance requirements.
Candidates should ideally have at least 2 years’ experience in information security and risk management. An understanding of information security standards such as ISO 27001, ISO 27002 and ISO 27005 would be beneficial.
Course topics include:
· Concepts, references and definitions of risk management, including the risk management process and the context of risk in an organisation
· Establishing a risk management programme
· Risk assessment, including asset identification, business impact analysis and threat and vulnerability assessment, analysis and evaluation
· Options for risk treatment and risk treatment plans
· Presenting risks and the business case
· Monitoring and review
Examination: The course culminates in a 3 hour exam on the final afternoon, comprising multi choice, short answer and essay style questions.