Cyber Security Risk Assessment
(NCSC Assured)

1. Target Audience

This practical, interactive workshop is designed for professionals with responsibilities for, or a working interest in, cyber security and risk management. It is suitable for staff involved in information security, risk, assurance, compliance, IT, and operational roles who contribute to identifying, assessing, or mitigating cyber risk. No formal prerequisites are required; however, participants are expected to have a general understanding of cyber security concepts and an interest in managing risk within their organisation.

2. Duration

1 day.

3. Delivery Mode

Virtual / client workplace / off-site classroom

4. Aims

This workshop will enable attendees to understand and correctly use common risk terminology as per “Risk Management & Governance” in the Cyber Body of Knowledge (CyBOK). In addition, they will be able to complete a Risk Register with a minimum of three cyber security risks fully documented and with controls suggested.

5. Learning Outcomes

The aims are designed to contribute to attendee organisations achieving three outcomes:

  • Mitigating cyber security risks.

  • Meeting the cyber security risk expectations of customers, regulators, and boards.

  • Demonstrating awareness and application of cyber security risk best practice as per “Risk Management & Governance” in the CyBOK.

By the end of this workshop, participants will be able to:

  • Use standard cyber risk management terminology consistent with Risk Management & Governance in CyBOK.

  • Identify and describe cyber security risks in terms of threat, vulnerability, impact, and likelihood.

  • Assess and prioritise cyber risks using a structured risk assessment approach.

  • Document cyber risks clearly within a risk register, including rationale and assumptions.

  • Recommend proportionate control measures to mitigate identified cyber risks.