Information Security

Information Security Risk Management

Ref No: 2015017

Risk management, and Information Security (IS) risk management in particular, is one of the most important tools organizations use to assess risks. Information is the basis on which organizations make decisions.
Applying ISO 27001 explicitly requires a risk assessment before any controls are selected and implemented. Similarly, each control selection must be justified by the risk assessment process.
Risk management must evaluate the threats and vulnerabilities that affect the confidentiality, availability and integrity of information assets. ISM decisions are driven entirely by the specific results of the risk assessment for the identified risks and information assets.
Therefore, risk assessment enables expenditure on controls to be balanced against the business harm likely to result from security failures.
For this reason, AMAD Tech. provides training courses on IS Risk Management, delivered by professional trainers in this field, to fulfil our clients’ needs and protect the confidentiality of their information.


  • Understanding the concept and importance of information security management;
  • Establishing the different stages of an ISMS and being confident using classification schemes;
  • Learning to scope and assess risks, including business impact, and to put controls in place; and
  • Producing risk reports and planning and documenting internal ISMS audits.

Course Contents

  • Information security principles;
  • Information security management terminologies;
  • Information Security Management System;
  • Overview of risk management standards;
  • Information security risk assessment;
  • Risk analysis;
  • Risk identification;
  • Asset valuation;
  • Identification of threats and vulnerabilities;
  • Identification of existing controls;
  • Identification of consequences;
  • Risk estimation;
  • Risk evaluation;
  • Risk treatment process;
  • Risk avoidance;
  • Risk transfer;
  • Selection of security controls;
  • Risk reduction and acceptance; and
  • Legal, regulatory and contractual requirements.

  • Those who wish to improve ISMS within their organizations;
  • Information security and governance practitioners;
  • Internal auditors, managers and senior staff working in IT;
  • Those working in compliance and operational risk; and
  • Project managers and those responsible for designing information security systems.

Trainees shall receive a portfolio containing the following materials:

  • Comprehensive course manual; and
  • A copy of both ISO 27001 and ISO 19011.

  • Attendees who pass the written exams shall receive an ISM Lead Auditor certificate, approved by IRCA.
  • Attendees shall receive a certificate of attendance from AMAD Tech.