Certified Information Security Risk Officer


Brit Certifications and Assessments (BCAA) is a leading UK-based certification body. It was formed to address a gap in the IT and IT security sector. The certification body leads in IT security and IT certifications, and in particular approaches them in a highly pragmatic way.


BCAA UK works in a hub-and-spoke model across the world.



RACE Framework


The Read - Act - Certify - Engage (RACE) framework from Brit Certifications and Assessments is a comprehensive approach designed to ensure effective studying, preparation, examination, and post-exam activities. By following this structured process, candidates can be confident of mastering the subject matter.



In the "Read" phase, learners are encouraged to study the course materials extensively and gain a thorough understanding of the content. This initial step lays the foundation for success by equipping candidates with the essential knowledge and insights of their chosen field.


In the "Act" stage, students actively apply their newly acquired expertise through practical exercises and real-world scenarios. This hands-on experience develops crucial problem-solving skills while reinforcing the theoretical concepts.


The "Certify" stage is where you take your examination and get certified, establishing yourself in the industry. "Engage" is the stage in which your BCAA partner engages you in webinars, mock audits, and group discussions. This enables you to keep your knowledge current and build your competence.




One of the paramount benefits of information security risk management is its ability to provide a proactive approach towards safeguarding an organization's valuable assets. By identifying, assessing, and mitigating potential risks, businesses can effectively protect their sensitive information from unauthorized access or malicious activities.

The keyword here is "proactive," as it highlights the importance of staying ahead rather than reacting once a security breach occurs. With a robust risk management strategy in place, companies can anticipate and address vulnerabilities before they turn into major threats. This not only enhances overall operational resilience but also helps maintain customer trust and confidence in an increasingly interconnected digital landscape.

Furthermore, effective information security risk management ensures compliance with industry regulations and legal requirements, which are crucial for organizations operating within highly regulated sectors such as finance or healthcare.

In this way, by prioritizing proactive risk assessment and mitigation measures, businesses can reduce potential harm and minimize the financial impact of data breaches or cyber-attacks while upholding their commitment to the confidentiality, integrity, and availability of critical information resources.





Module 1: Information Security Basics

Module 2: Information Security Risk Assessments
• Introduction
• What is Risk?
• Going Deeper with Risk
• Components of Risk
• Putting it All Together
• Information Security Risk
• What is an Information Security Risk Assessment?
• Why Assess Information Security Risk?
• Risk Assessments and the Security Program
• Information Risk Assessments Activities in a Nutshell


Module 3: Information Security Risk Assessment - Data Collection
• Introduction
• The Sponsor
• The Project Team
• The Size and Breadth of the Risk Assessment
• Scheduling and Deadlines
• Assessor and Organization Experience
• Workload
• Data Collection Mechanisms
• Collectors
• Containers
• Executive Interviews
• Document Requests
• IT Asset Inventories
• Asset Scoping
• Interviews
• Asset Scoping Workshops
• Business Impact Analysis and Other Assessments
• Critical Success Factor Analysis
• The Asset Profile Survey
• Who Do You Ask for Information?
• How Do You Ask for the Information?
• What Do You Ask for?
• The Control Survey
• Who Do You Ask for Information?
• How Do You Ask for Information?
• What Do You Ask for?
• Organizational vs. System Specific
• Scale vs. Yes or No
• Inquiry vs. Testing
• Survey Support Activities and Wrap-Up
• Before and During the Survey
• Review of Survey Responses
• Post-Survey Verifications
• Consolidation


Module 4: Information Security Risk Assessment - Data Analysis
• Introduction
• Compiling Observations from Organizational Risk Documents
• Preparation of Threat and Vulnerability Catalogs
• Threat Catalog
• Vulnerability Catalog
• Threat Vulnerability Pairs
• Overview of the System Risk Computation
• Designing the Impact Analysis Scheme
• Confidentiality
• Integrity
• Availability
• Preparing the Impact Score
• Designing the Control Analysis Scheme
• Designing the Likelihood Analysis Scheme
• Exposure
• Frequency
• Putting it Together and the Final Risk Score


Module 5: Information Security Risk Assessment - Risk Assessment
• Introduction
• System Risk Analysis
• Risk Classification
• Risk Rankings
• Individual System Risk Reviews
• Threat and Vulnerability Review
• Review Activities for Organizational Risk
• Review of Security Threats and Trends
• Review of Audit Findings
• Review of Security Incidents
• Review of Security Exceptions
• Review of Security Metrics
• Risk Prioritization and Risk Treatment


Module 6: Information Security Risk Assessment - Risk Prioritization and Treatment
• Introduction
• Organizational Risk Prioritization and Treatment
• Review of Security Threats and Trends
• Review of Audit Findings
• Review of Security Incidents
• Review of Security Exceptions
• Review of Security Metrics
• System Specific Risk Prioritization and Treatment
• Issues Register


Module 7: Information Security Risk Assessment - Reporting
• Risk Analysis Executive Summary
• Methodology
• Organizational
• System Specific
• Results
• Organizational Analysis
• System Specific
• Risk Register


Module 8: Information Security Risk Assessment - Maintenance and Wrap-Up
• Introduction
• Process Summary
• Data Collection
• Data Analysis
• Risk Analysis
• Reporting
• Key Deliverables
• Post Mortem
• Scoping
• Executive Interviews
• System Owners and Stewards
• Document Requests
• System Profile and Control Survey
• Analysis
• Reporting
• General Process



The training program carries the following certification:
Certified Information Security Risk Officer (CISRO)



The training is followed by a hybrid exam (MCQ and narrative).



Who should attend:
• Managers or consultants seeking to prepare and support an organization in planning, implementing, and maintaining a compliance program based on any information security compliance standard
• A CISRO is also responsible for maintaining conformance with data privacy requirements
• Members of information security, incident management and information security risk teams
• Technical and compliance experts seeking to prepare for a CISRO role
• Expert advisors involved in the security of personal data and infrastructure




128 City Road, London, EC1V 2NX, United Kingdom
enquiry@bcaa.uk
+44 203 476 4509

To enrol in classes, please contact us via enquiry@bcaa.uk