Information Risk Management
Introduction to Information Risk Management

This Course provides a strong risk management foundation by initially investigating what risk is and how it affects an organisation. It then looks at managing risk through a detailed review of the four stages of the risk management lifecycle, before identifying risk analysis approaches and providing some helpful risk register examples. 

Learning objectives

The objectives of this Course are to provide you with and understanding of:

  • What risk means, how it arises and the likelihood of it impacting an organisation
  • The effect big data, the Internet of Things and social media have on the risk landscape
  • Management techniques used by organisations to understand the risks they face
  • Risk treatment and risk reduction methods
  • The risk management lifecycle, illustrating how risks are identified, analysed, treated and monitored
  • Qualitative and quantitative methods of risk analysis
  • How assets can be classified to help manage risk

Intended audience

This Course is ideal for members of information security management teams, IT managers, security and systems managers, information asset owners and employees with legal compliance responsibilities. It acts as a foundation for more advanced managerial or technical qualifications. 


There are no specific pre-requisites to study this Course, however, a basic knowledge of IT, an understanding of the general principles of information technology security, and awareness of the issues involved with security control activity would be advantageous.


We welcome all feedback and suggestions - please contact us at if you are unsure about where to start or if would like help getting started.


Welcome to the Information Risk Management Learning Path.

Risk is a fundamental aspect of information security management and underpins many of the areas covered within the Certificate in Information Security Management Principles syllabus.

This learning path has two videos to provide you with a strong risk management foundation:

·        The first is all about understanding what risk is and how it affects an organization. Within this, the video looks at some of the more contemporary areas that impact information security like social media, big data and the Internet of Things.

·        The second video looks specifically at managing risk through a detailed review of the four stages of the risk management lifecycle. It also investigates risk analysis approaches and provides some helpful risk register examples.

The videos are supported by quizzes for you to check your understanding as you work through them.

About the Author
Learning Paths

Fred is a trainer and consultant specializing in cyber security.  His educational background is in physics, having a BSc and a couple of master’s degrees, one in astrophysics and the other in nuclear and particle physics.  However, most of his professional life has been spent in IT, covering a broad range of activities including system management, programming (originally in C but more recently Python, Ruby et al), database design and management as well as networking.  From networking it was a natural progression to IT security and cyber security more generally.  As well as having many professional credentials reflecting the breadth of his experience (including CASP, CISM and CCISO), he is a Certified Ethical Hacker and a GCHQ Certified Trainer for a number of cybersecurity courses, including CISMP, CISSP and GDPR Practitioner.