NCSCs Cyber Security Risk Management

SKU: NTV-QACSRMIPP

710.418 kr.

Cyber Security Risk Management has been developed by and is under license from the National Cyber Security Centre (NCSC) and is exclusively available through QA.

Identify risks.

Strengthen oversight.

Govern with confidence.

Cyber risk is a growing threat to public services – and strong leadership is critical.

The Cyber Security Risk Management course is for those overseeing or advising on cyber risk within government or regulated environments. Delivered over two weeks, it equips professionals with the frameworks, tools, and confidence to govern risk effectively – from early scoping to in-life assurance – using the latest UK Government guidance.

This hands-on course helps learners strengthen cyber risk posture across departments, programmes, or suppliers. Aligned to updated government frameworks, it provides practical insight into evaluating current practices, identifying gaps, and embedding stronger governance.

Real-world scenarios and workplace reflection between course weeks ensure learners apply best practice directly – building capability that drives impact across public sector systems and services.

Forkröfur

  • Attendees must have at least six months’ experience in a cyber risk-related role.

  • Learners will need to bring their own laptop, that is able to connect to the internet, to complete group tasks.

Target Audience

This course is for cyber security risk consultants and practitioners who are responsible for reviewing, managing, or advising on cyber risk within or on behalf of government and private sector organisations.

Nemandi mun læra eftirfarandi

  • Develop confidence in applying cyber risk principles across a range of scenarios
  • Learn to assess and improve current risk management approaches
  • Gain clarity on frameworks, terminology and global best practices
  • Enhance your ability to support risk governance and planning activities
  • Apply learning between course weeks to maximise impact in your role

Samantekt

Over two intensive weeks, learners will explore:

Module 0 – NCSC Cyber Security Risk Management Framework

Get familiar with the NCSC’s high-level approach to managing cyber risk:

  • Overview of the NCSC framework and how each component connects
  • Key considerations for each stage of the risk lifecycle
  • Understand the purpose and flow of the cyber risk management lifecycle

Module 1 – Establish organisational context

Understand your business before managing its risks:

  • Define your organisation’s objectives and risk appetite
  • Identify internal/external risk factors using tools like PESTLE and SWOT
  • Prioritise focus areas from a cyber perspective
  • Recognise the value of understanding business context in cyber risk decisions

Module 2 – Identify decision makers, governance, processes and constraints

Lay the groundwork for effective risk ownership:

  • Map out governance structures and accountability
  • Identify key stakeholders, their authority, and decision-making processes
  • Align cyber risk with wider organisational processes and change management
  • Understand supply chain responsibility models and resource requirements.

Module 3 – Define your cyber risk challenge

Clarify what needs protecting – and from whom:

  • Set scope boundaries and assess maturity of your current approach
  • Understand threat intelligence and organisational risk synergies
  • Conduct impact assessments and identify critical assets
  • Analyse organisational priorities and readiness for change

Module 4 – Select your approach

  • Choose the right tools and methods for your risk assessment:
  • Compare global methodologies and NCSC-endorsed approaches
  • Assess suitability and limitations of various tools
  • Explore the NCSC blueprint and risk assessment toolsets
  • Understand what makes a method fit for purpose

Module 5 – Understand risks and how to manage them

Dig into the core risk assessment process:

  • Follow the ISO 27005 model to identify, evaluate, and treat risks
  • Differentiate between inherent and residual risk
  • Use risk matrices, registers, and documentation effectively
  • Develop risk treatment plans and justify control decisions

Module 6 – Communicate and consult

Build a culture of risk awareness:

  • Effectively communicate findings, priorities, and recommendations
  • Engage allies and stakeholders across the organisation
  • Present risks clearly using dashboards, KRIs/ KPIs, and heat maps
  • Encourage ongoing consultation and re-assessment

Module 7 – Implement and assure

Put your plan into action with confidence:

  • Apply defence-in-depth strategies and layered controls
  • Leverage “Secure by Design” and “Secure by Default” principles
  • Evaluate control effectiveness and maintain desired state
  • Understand cloud shared responsibility and assure supply chain security
  • Use NCSC-assured services and assurance models

Module 8 – Monitor and review

Make risk management a continuous process:

  • Review controls, scope, and metrics in light of evolving threats
  • Monitor performance using dashboards and testing mechanisms
  • Reassess risks periodically to maintain effectiveness
  • Ensure your approach stays relevant and aligned with organisational goals