
BCS-ISEB Practitioner - Information Risk Management

Security and risk management practitioners involved in the practical implementation of risk analysis and management for information systems. Business managers and risk decision makers who need a good understanding of information risk analysis, assessment and management disciplines in order to make business risk decisions aligned with corporate governance principles.

The management of risk is critical for any organisation in achieving its business objectives, and this is certainly the case in the areas of information security (IS) and business continuity (BC). In both areas, business impact analysis and risk management are the foundations and cornerstones of best-practice IS and BC management systems. Without these, organisations are making decisions in the dark about which controls need to be prioritised and implemented. We can assist you in developing your risk management capabilities through consultancy, our purpose-designed risk assessment tool (Abriska) and our training courses, most notably our multiple certified Practitioner Certificate in Information Risk Management, where you will not only develop your risk management skills but also be able to gain a certificate to demonstrate your competence.

This 5 day course, which is delivered by trainers with practitioner backgrounds, leans heavily on practical exercises to provide you with extensive hands-on experience of all the key components of the risk management process.  You will gain invaluable experience in conducting an information risk assessment including business impact analyses and threat and vulnerability assessments.  You will also learn the importance of evaluating risks, selecting controls and presenting results in a way which will form the basis of a risk treatment plan.  As a BCS Gold Partner, we will aim to provide you with the skills and knowledge to enable you to return to your organisation and make a significant contribution to the risk management process.

The PCIRM training course makes full use of current and relevant international standards such as the ISO 27001 Information Security Standard, as well as ISO 31000 and ISO 27005. The course culminates on the final afternoon with a BCS invigilated examination, which consists of scenario-based, multiple choice and short answer questions.

Who should attend?

The course will primarily benefit those involved in information security, audit and those engaged in the implementation and operation of formal information risk management, including those charged with PCI DSS compliance and any corporate governance compliance requirements.

Benefits

By the end of the course, delegates will have a detailed understanding of all the key components of risk management and be able to return to their organisation and make a significant contribution to the risk management process.

Delegates will benefit from the practical and extensive experiences of the trainers who are all practising risk management specialists.


Learning Objectives

On completion of this course delegates will be able to demonstrate their competence in, and their ability to:

•Conduct an information risk assessment including business impact analysis and threat and vulnerability assessments

•Explain how the management of information risk will bring about business benefits

•Explain and make full use of information risk management terminology

•Explain the importance of control selection and risk treatment

•Evaluate risks and present the results in a way which will form the basis of a risk treatment plan


Candidates should ideally have at least 2 years’ experience in information security and risk management. An understanding of information security standards such as ISO 27001, ISO 27002 and ISO 27005 would be beneficial, as would attendance on the Certificate in Information Security Management Principles course (or similar). If delegates are uncertain about whether they meet course pre-requisites, they should contact us to discuss.

Course Content

Course style

This is a ‘Practitioner’ course and leans heavily on discussions and workshops which are designed to reinforce the concepts being taught and to build the delegates’ confidence in conducting risk assessments.

The course is also designed to encourage debate, and the sharing of knowledge and experience between students.

Course Topics

Concepts, Framework References and Definitions
•Risk Management Principles
•Risk Management Process
•Risk Management Standards, e.g. ISO 27005 and ISO 31000
•The Need for Information Risk Management
•Context of Risk in the Organisation

Establishing a Risk Management Programme
•Programme Requirements
•Developing a Strategic Approach to Information Risk Management
•Information Classification Schemes

Risk Assessment: Identification
•Asset Identification
•Business Impact Analysis
•Threat and Vulnerability Assessment

Risk Assessment: Analysis and Evaluation
•Risk Analysis
•Risk Evaluation

Risk Treatment
•Options for Risk Treatment
•Risk Treatment Plans

Presenting Risks and Business Case

Monitoring and Review

Exercises
•Organisational Context Analysis
•Business Impact Analysis
•Financial and non-Financial Impact Assessment
•Risk Assessment
    - Risk Identification
    - Risk Analysis
    - Risk Evaluation
•Risk Treatment
•Risk Treatment Plans
•Risk Reporting

Exams & Certification

BCS Examination

After taking the course, delegates will be able to sit a formal 3 hour examination set by BCS Professional Certifications.

The examination will comprise:

Section 1:
•10 multiple choice questions
•6 short answer questions

Section 2:
•3 scenario based essay style questions

Students will need to obtain a mark of at least 65% to pass the examination.

The BCS Examination is sat on the final day of the course.
