Professional training module

IRM-010/ IT Risk Management

Quantify Risk. Prioritize Action. Speak Executive. This 3-day course transforms how IT professionals handle risk — by making it visible, structured, and actionable. Learn to identify vulnerabilities, analyze likelihood and impact, and report with clarity using frameworks like ISO 27005, NIST RMF, and FAIR.

Track: IT / PROJECT MANAGEMENT
Duration: 3 days
Format: Schools, cohorts, or programme teams
Price: 75 €


Learning outcomes

What learners should be able to do

  1. Understand different classes of IT and cyber risk

  2. Identify, document, and prioritize risks across systems and services

  3. Apply quantitative and qualitative risk analysis techniques

  4. Map controls using ISO 27005, NIST CSF, and FAIR

  5. Report risk posture clearly to non-technical stakeholders

  6. Align risk mitigation strategies with enterprise priorities and compliance demands

Module content

Course description

3-Day Intensive Course for IT Risk and Compliance Professionals

3 Intense Days
7 Hours per Day (Split into two 3.5-hour sessions)

Learning Path Visual

Your guided journey from risk identification to mitigation strategy and stakeholder communication:

Day 1: Foundations of IT Risk Management
Understand risk types (strategic, operational, technical), regulatory drivers, and enterprise risk frameworks. Learn to identify, categorize, and scope IT risks using structured taxonomies.

Day 2: Risk Assessment, Analysis & Controls
Use tools and frameworks to assess impact and likelihood, prioritize risks, and select appropriate technical and administrative controls using ISO 27005, NIST RMF, and FAIR.

Day 3: Reporting, Governance & Remediation Strategy
Build risk registers, dashboards, and remediation plans. Present IT risk in business language to executives, and align mitigation with compliance frameworks and organizational risk appetite.

Course Overview

IT risk isn’t just a compliance concern — it’s a business imperative.
This course equips IT professionals with the skills to identify, analyze, and manage information and cyber risk in real-world enterprise settings. Using global standards and hands-on tools, you’ll learn how to turn abstract risk into actionable, measurable outcomes.

You’ll learn how to:

  • Understand different classes of IT and cyber risk

  • Identify, document, and prioritize risks across systems and services

  • Apply quantitative and qualitative risk analysis techniques

  • Map controls using ISO 27005, NIST CSF, and FAIR

  • Report risk posture clearly to non-technical stakeholders

  • Align risk mitigation strategies with enterprise priorities and compliance demands

This course is ideal for security analysts, compliance officers, IT managers, and architects responsible for risk-sensitive systems.

What’s Inside Each Day

Day 1 — Foundations of IT Risk Management

  • Types of risk: cyber, third-party, infrastructure, data, operations

  • Enterprise risk vs. technical risk: understanding both sides

  • IT risk frameworks: ISO 27005, COSO, NIST RMF

  • Risk identification techniques: interviews, logs, threat models

  • Creating your first risk taxonomy and scoping matrix

  • Workshop: Identify risks across 3 IT domains (cloud, access, app)

Tools: Risk taxonomy templates, threat catalogs
Focus: Identification • Scoping • Frameworks

Day 2 — Risk Assessment, Analysis & Controls

  • Impact vs. likelihood scoring (qualitative & quantitative)

  • Risk heatmaps, matrices, and scoring systems

  • Controls and mitigations: technical, administrative, detective

  • Selecting controls using ISO 27002, CIS Controls

  • Introducing FAIR: risk quantification modeling

  • Workshop: Score and prioritize risks from a case study

Tools: Risk register spreadsheet, FAIR model, control checklists
Focus: Analysis • Prioritization • Mitigation Mapping

Day 3 — Reporting, Governance & Remediation Strategy

  • Building risk dashboards and executive summaries

  • Aligning risks with compliance: GDPR, SOX, ISO, PCI-DSS

  • Communicating risk: business impact language

  • Creating remediation roadmaps and mitigation trackers

  • Governance layers: committees, policies, RACI models

  • Workshop: Present a sample risk report to a simulated board

Tools: Power BI, risk summary templates, RACI matrices
Focus: Reporting • Governance • Stakeholder Engagement

Course Goals

By the end of this course, you’ll be able to:

  • Identify and classify IT risks across diverse enterprise systems

  • Apply consistent assessment and prioritization methodologies

  • Map risks to appropriate mitigation strategies and controls

  • Communicate risk posture and trends to stakeholders

  • Build actionable remediation plans that support compliance

  • Contribute to risk-aware decision-making and governance

Who Should Take This Course?

  • IT risk managers and governance leads

  • Cybersecurity analysts and compliance officers

  • Enterprise architects and system owners

  • IT managers responsible for risk registers and reporting

  • PMO leaders supporting risk-based delivery

  • Tech auditors and regulatory liaisons

Class Reference: IRM-010/
Form Updated on: 06/17/2025 (Version 1)
Last Modified on: 06/17/2025

Program Note

Includes editable risk register templates, FAIR modeling tools, heatmap visualizations, and reporting formats. Designed for real-world audit-readiness.

Teaching brief in French

IRM-010/ IT Risk Management is presented here in a condensed French version so that teaching teams can quickly assess the module's relevance.

The module belongs to the IT and project management family. It can be adapted to the school's calendar, to the level (All levels), to the 3-day time allocation and to the planned assessment methods.

Teaching objective

This module aims to connect business concepts to clear, assessable professional deliverables.

Possible deliverables and activities

  • presentations, briefs, analyses or structured recommendations
  • professional vocabulary and communication with stakeholders
  • a scenario exercise built around a decision, a project or a business case

School adaptation

LC can adjust the running order, the teaching language, the materials, the exercises and the assessment criteria according to the cohort, the degree, the expected level of autonomy and scheduling constraints.

For a detailed version of the syllabus in French, LC confirms the final programme after scoping the level, hours, calendar and expected deliverables.

Academic delivery team

Instructor matching for this module

After reviewing the module content, LC confirms the right delivery profile by topic, level, teaching language and assessment expectations.

Instructor matching • Curriculum fit • Assessment support
André-Alexis des Forges (Lead)

Lead trainer & academic programme coordinator

Lead trainer for LC's higher-education delivery model, coordinating modules, instructor preparation and assessment continuity across business, IT and technical programmes.

Academic coordination • ESPIT & business English
Meriam Mbindyo

AI, data & software instructor

Instructor for AI, data, DevOps, Agile and software modules, with experience across Paris-based IT and business schools.

Artificial intelligence • Machine learning • Data mining