How to conduct a Security Risk Assessment – a step-by-step guide


Course Information

Estimated Time: 4 hours

Difficulty: Intermediate

  • This course provides a comprehensive framework for conducting security risk assessments, aligned with ISO 31000:2018 and tailored for critical infrastructure sectors.

  • Through real-world examples and case studies, this course equips those with security and risk management responsibilities, as well as security and risk professionals, to strengthen organisational resilience and make informed, risk-based decisions.

By the end of this course, participants will be able to:

1. Understand security risk management foundations
Grasp the foundational principles of security risk management as outlined in ISO 31000 and their application to critical infrastructure through the Critical Infrastructure Risk Management Program (CIRMP).

2. Define scope and context of security risk assessments
Establish the context, define the scope, and set tailored risk criteria for conducting security risk assessments that align with critical infrastructure needs and organisational objectives.

3. Assess human-based and systemic threats
Evaluate and manage diverse threats, including insider threats, cyber threats, physical security risks, and supply chain vulnerabilities, within the framework of security risk assessments.

4. Apply comprehensive risk analysis and evaluation frameworks
Employ structured methodologies for identifying, analysing, and evaluating risks, ensuring alignment with ISO 31000 and prioritising high-impact risks in critical infrastructure.

5. Develop and implement effective risk treatments
Identify, select, and implement risk treatment options that align with organisational goals and regulatory requirements while ensuring effective risk mitigation strategies are in place.

After completing this course, participants will be able to:

1. Demonstrate proficiency in security risk management
Apply the principles of ISO 31000 to establish and conduct security risk assessments for critical infrastructure, ensuring comprehensive risk identification and management.

2. Integrate leadership and governance into risk management
Implement effective leadership and governance strategies to ensure alignment with the Security of Critical Infrastructure Act 2018 and drive organisational commitment to security risk management.

3. Enhance threat identification and mitigation
Identify and evaluate human-based and systemic vulnerabilities, applying tailored controls to address complex and evolving risks across critical infrastructure sectors.

4. Strengthen risk-based decision making
Use prioritised risk evaluation frameworks and decision-making criteria to develop practical and scalable risk mitigation strategies that meet organisational and regulatory requirements.

5. Maintain continuous improvement in risk management
Establish mechanisms for monitoring, reviewing, and reporting risk management activities, ensuring ongoing compliance and adaptation to evolving threats and regulatory landscapes.

Welcome
