Sorry, you need to enable JavaScript to visit this website.

Cyber Security Risk Assessment

Course level: Awareness
Atlas Analytics Visit the website

This is a practical, interactive risk analysis workshop for anyone with an interest in cyber security. Attendees may be new to the topic, or be analysts, managers, engineers, or policy experts with some awareness and who need to better understand what cyber security risk is and how to communicate its potential impact on business operations. They aspire to produce a range of insights, products, and decisions as part of their duties to support risk analysis and assessment to support best-practice cyber security.

Learning Objectives: By the end of this workshop attendees will be able to:

1. Understand and correctly use common risk terminology as per “Risk Management & Governance” in the Cyber Body of Knowledge (CyBOK).
2. Complete a Risk Register with a minimum of three cyber security risks fully documented and with controls suggested.

These learning objectives are designed to contribute to attendee organisations achieving three outcomes: 

1. Mitigating cyber security risks. 
2. Meeting the cyber security risk expectations of customers, regulators, and boards.
3. Demonstrating awareness and application of cyber security risk best practice as per “Risk Management & Governance” in the CyBOK .

The UK's National Cyber Security Centre (NCSC) defines cyber security's core function as being "To protect the devices we all use (smartphones, laptops, tablets and computers), and the services we access - both online and at work - from theft or damage." It is further concerned with "Preventing unauthorised access to the vast amounts of personal information we store on these devices, and online". 

NCSC approves of several definitions of risk, one of them being from the Treasury Orange Book ; “Risk is the effect of uncertainty on objectives. Risk is usually expressed in terms of causes, potential events, and their consequence”. Another is from the NCSC glossary: “Possible future outcomes that we can describe in terms of their chances of occurrence, and the impact they would have if realised.” 

All organisations across all business sectors - and especially those working in the Critical National Infrastructure sector - will benefit from enhancing their existing cyber security risk analysis, assessment, and management processes through attending this workshops, which through instructor-led discussion and group exercises, will help attendees more effectively identify and respond to risks posed by external threat actors, emerging technology, insider threats, as well as other risks like gaps in organisational governance or policy. Your learning will be put to the test during demanding but enjoyable group exercises that will challenge you to produce robust assessments, which your peers will constructively critique in a professional, collaborative environment.

Relevant Prior Knowledge and Experience: There are no specific candidate prerequisites, though the candidates are assumed to have an interest cyber security concepts and an interest in risk and how to mitigate it.

Structure: The course is comprised of pre-reading available on the Atlas Analytics website, and one workshop lasting one day. If the workshop is delivered in a language other than English and where an interpreter is used, time should be adjusted accordingly: see Equal Opportunity Issues below.

Assessment: There is no formal assessment during this workshop. A judgement of whether everyone has engaged with the material and other attendees is made based on individual and syndicate briefings, and on feedback in response to questions from the trainer to all individuals throughout the course. The trainer will be monitoring the group for any indicators and warnings that individuals are not understanding what has been taught; the trainer will then intervene by discussing with the individual their progress and whether they need any additional help. A summary of each learner's engagement and progress can be provided by the trainer.

Resources: The key materials that Atlas Analytics will provide are:

• Atlas Analytics – Cyber Security Risk Assessment – Webpage 1 – Online Pre-Reading
• Atlas Analytics – Cyber Security Risk Assessment – Document 2 - Main Presentation
• Atlas Analytics – Cyber Security Risk Assessment – Document 3 - Trainee Workbook
• Atlas Analytics – Cyber Security Risk Assessment - Document 4 – Tables
• Atlas Analytics – Cyber Security Risk Assessment - Document 5 – Scoping
• Atlas Analytics – Cyber Security Risk Assessment - Document 6 – Controls
• Atlas Analytics – Cyber Security Risk Assessment - Document 7 - Feedback

Any additional exercise materials are prepared on a case-by-case basis to suit the specific needs of the client. 

United Kingdom
Classroom, Online Virtual Classroom
Duration (days): 1.0
CyBOK Knowledge Area: Risk Management and Governance