Information Security and Risk Management Fundamentals

This programme covers the fundamentals of information security and risk management for professionals who need to understand security governance without being security specialists. Relevant for managers, IT leads, compliance teams, and business owners.

Modules

Information Security Principles
Confidentiality, Integrity, and Availability (CIA). Key concepts, relevant standards, and why they matter for business.

The Risk Management Process
Identifying, analysing, evaluating, and treating information security risks using a structured and repeatable approach.

Asset Identification and Classification
Mapping information assets, understanding their value, and assigning appropriate protection levels.

Threat and Vulnerability Assessment
Identifying threats relevant to your organisation and assessing existing vulnerabilities against them.

Security Controls and Countermeasures
Types of controls, including preventive, detective, and corrective controls, and how to select proportionate measures for identified risks.

Security Policies and Standards
What security policies should contain, how to write enforceable ones, and how to maintain them over time.

Business Continuity and Disaster Recovery
Linking information security to operational resilience. Key concepts in BCP and DRP without overcomplicating them.

Introduction to ISO 27001
Overview of the ISO 27001 framework, key controls, the audit cycle, and what achieving compliance looks like in practice.

Final Activity

Risk Assessment Exercise. Participants complete a structured information security risk assessment for a business scenario, identifying risks, rating them, and proposing treatment options.

Key Outcomes:
Apply a structured risk management process to information security
Identify and classify information assets accurately
Assess threats and vulnerabilities relevant to your organisation
Select appropriate controls to manage risk proportionately
Write clear and enforceable security policies
Understand what ISO 27001 compliance involves and how to begin

Fee: RM 2,200 per participant
Minimum enrolment: 1 participant
Duration: 2 Days
Level: Intermediate / Managers and non-specialist IT roles
HRD Corp Claimable
Certificate included

Frequently Asked Questions

RM 2,200 per participant.

IT managers, operations managers, compliance officers, business owners, and anyone with responsibility for information security governance.

It bridges both. The content is accessible to non-specialists while providing enough depth for IT managers.

Yes.

It provides a solid foundation and overview of ISO 27001. Full certification preparation requires additional specialist training.

It is useful for exercises, but not mandatory.

Yes, a Certificate of Completion is issued.

Yes, the programmes are complementary. We can arrange combined delivery for organisations covering both topics.