Information security risk assessment training course

About the training

All SURF member institutions use the SURFaudit Information Security Assessment Framework for the SURFaudit benchmark. One of the components of the assessment framework concerns risk assessment. This training zooms in on this.

Training set-up

The training day is at SURF's office in Utrecht where you will meet physically. Theory and exercises alternate. During the day, there is ample opportunity to spar with the lecturer individually about learning goals or possible challenges at work.

Programme

• Introduction to risk management for information security
  • With concepts such as enterprise risk management, risk capacity & risk appetite, ISO 31000 & ISO 27005, risk leadership and governance
  • Dealing with uncertainties
• Risk identification
• Risk assessment
• Risk response and mitigation
• Measuring and reporting on risks and measures
• Risk assessment techniques in information security
• SURF risk assessment toolkit
• Learning from practical risk assessments at Fontys

Hands-on exercises

• Completing a risk register
• Risk assessment using a heat map
• Risk-based work based on risk scenarios

For whom?

The training is for anyone starting to work with information security risk management.

Required prior knowledge

To follow this training, it is a requirement that you have attended the masterclass Toetsingskader informatiebeveiliging or have some knowledge of information security principles.

Costs

The costs for this training are 250 euros

Registration and cancellation

• Deadline for registration is 16 September 2024.
• Registration is not optional; please read the cancellation conditions of SURFacademy meetings.