The process of identifying, assessing, and prioritizing risks, followed by coordinated and economical allocation of resources to minimize, monitor, and control the likelihood and/or impact of unfavourable events or to maximize the realization of opportunities, is known as risk management.

This course is designed to adhere to globally recognized standards like ISO 31000:2009 and frameworks such as ISACA’s Risk IT, and NIST and OCTAVE guidelines for risk management.

Objectives of the course:

- Identify and mitigate known/unknown IT risks
- Identify areas of cost-benefit optimization and, therefore, reduce IT expenditures
- Comprehend the ISO 31000:2009 standard and its applicability to the corporate environment
- Understand risk assessment as addressed in BASEL II, ISO 20000, ISO 27001, ITIL, COSO, COBIT, BS 25999 and its relevance to IT
- Understand different IT Risk Assessment Standards, Models, and Methodologies – NIST’s SP-800-30, and OCTAVE™, ISO 27005
- Gain insights into the practical use of risk assessment and control evaluation techniques