Summary of 104 - IT Security Risk Management: A Lifecycle Approach (ITSG-33)

Course Description

This course introduces the concepts of Information Technology (IT) security risk management for the Government of Canada (GC). Training is based on the principles and practices detailed in the guidance document – IT Security Risk Management: A Lifecycle Approach (ITSG-33). The course focuses on the high level processes in Annex 1 that identify the business needs for security and defining the IT security risk management environment. It also provides a brief overview of the Information System Security Implementation Process (ISSIP). Scenario-based discussions and exercises are embedded to support situating the processes within a Departmental context. Following the course, participants will be familiar with the risk management process, methodology and key concepts.

Course Objectives

  • This course / workshop will provide you with a high-level appreciation of the key concepts and processes of ITSG-33. It will help you to plan for and identify the initial steps to adopting ITSG-33 guidance within your department or agency.
    • Apply IT risk management within a GC context as defined in CSE guidance ITSG-33
    • Identify the initial steps to integrating risk management guidance within your department/agency




2 days

Target Audience

Project/Program Managers, IT Security Designers, Architects, Engineers and Managers


  • Course 601 - Introduction to IT Security Management [e-learning]
  • Knowledge of GC Security Risk Management is beneficial

Resources and Related Learning

Information Technology Security Guidance - IT Security Risk Management: A Lifecycle Approach (ITSG-33)

Report a problem on this page
Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: