This course introduces the concepts of Information Technology (IT) security risk management for the Government of Canada (GC). Training is based on the principles and practices detailed in the guidance document – IT Security Risk Management: A Lifecycle Approach (ITSG-33). The course focuses on the high level processes in Annex 1 that identify the business needs for security and defining the IT security risk management environment. It also provides a brief overview of the Information System Security Implementation Process (ISSIP). Scenario-based discussions and exercises are embedded to support situating the processes within a Departmental context. Following the course, participants will be familiar with the risk management process, methodology and key concepts.
- This course / workshop will provide you with a high-level appreciation of the key concepts and processes of ITSG-33. It will help you to plan for and identify the initial steps to adopting ITSG-33 guidance within your department or agency.
- Apply IT risk management within a GC context as defined in CSE guidance ITSG-33
- Identify the initial steps to integrating risk management guidance within your department/agency
Project/Program Managers, IT Security Designers, Architects, Engineers and Managers
- Course 601 - Introduction to IT Security Management [e-learning]
- Knowledge of GC Security Risk Management is beneficial
Resources and Related Learning
Information Technology Security Guidance - IT Security Risk Management: A Lifecycle Approach (ITSG-33)