Summary of 104 - IT Security Risk Management: A Lifecycle Approach (ITSG-33)

Course Description

This instructor-led course introduces the concept of cyber security risk management for the Government of Canada (GC). The course is based on the principles and practices detailed in the guidance document “IT Security Risk Management: A Lifecycle Approach” (ITSG-33). It focuses on the high-level processes in Annex 1 which identify business needs for security and define the IT security risk management environment. It also provides a brief overview of the Information System Security Implementation Process (ISSIP). Scenario-based discussions and exercises are included to support situating the processes within a departmental context. Upon completing this course, participants will be familiar with the risk management process, methodology, and key concepts.

Note: This course is part of the boot camp 910 - IT Security Risk Management. As a result, you are not required to register for this course if you are planning to register for the boot camp.

Course Objectives

  • Apply IT risk management within a GC context as defined in CSE guidance ITSG-33
  • Identify the initial steps to integrating risk management guidance within your department/agency

Target Audience

GC employees at all levels who wish to become more familiar with the cyber security landscape and become knowledgeable on how to protect classified and sensitive information on GC networks




2 days


Prior to attending, participants should have a working knowledge of GC Security Risk Management. To satisfy this requirement, we recommend participants take course 601 - Introduction to IT Security Management.

Date modified: