Topic outline

  • IS Risk Mgmt. 10676320   

     Protect to Enable Approach

    "Embracing change with power & purpose"

    In this course we will adopt the Competency-Based Education (CBE) learning strategy with a blended-learning delivery mode.

    Class meetings:  S-Tu-Th  9h00-10h00  & 10h00-11h00, 

    Zoom meetings:   ID 822 821 8416

    The course aims to increase students’ understanding/competency in the following 3 topics: 

    1- Principles of risk mgmt. and Guidelines (risk management guide).

    • What are the concept, methods, objectives, types, tools and obstacles of risk management?

    • Why manage risks?

    • How to manage risks?

    • Identification, evaluation and treatment of risks.

    • Current issues in risk management.

    2- IS/IT Risks: the risks to which the organization's information systems are exposed.

    3- Risk Info. System: an information system for risk management.

    To create an ordered path through the chaos of a fast-paced, constantly changing environment to achieve business success. You are expected to understand business objectives, develop and implement plans, measure progress against time, cost and business requirements, while balancing priorities among different and potentially conflicting stakeholder groups. Identifying, analyzing, and appropriately responding to risk in a proactive fashion, rather than waiting for the overwhelming avalanche of issues, is an essential skill of the professionally competent manager. This course is for you, providing a practical approach to managing risk and detailing and implementing an effective risk management plan.

    Follow this link for your Course Learning Contract

    IS Risk Management Course Contract and Road-Map

    In this file you'll find the road-map that explains all the topics, quizzes, tests, and assignments, clearly identified by weeks and dates.

  • Learning Outcomes:

    - Articulate a Risk Management .... Definition

    - Differentiate between the different types of risk 

    - Appreciate the importance of risk management in Info. Systems.


    What is Risk Mgmt. ----   

    Governance Institute of Australia Web site

    Governance Institute of Australia Youtube

    what is risk management:

    Risk is the effect of uncertainty on Organizational long-term objectives. 

    Risk management is one of the key components of an organization's overall governance framework. Managing risk assists organizations in setting strategy to:

    1- Achieve long-term OBJECTIVES and 


    Taking risks is fundamental to for-profit and not-for-profit organizations in delivering on their strategy, innovation and growth. Avoidance of risk poses a threat to the future of the organization, so doing nothing is probably the greatest risk.

    In a dynamic external environment, management needs to consider the risk of not taking a risk or not making a decision. Recognizing and managing risk is a crucial part of the role of the board and management. Oversight of risk management is the responsibility of the board: it should review and approve the risk management policies and framework on a regular basis. In this way the board decides on the nature and extent of the risks it is prepared to take in order to meet its objectives.

    Management is responsible for developing and implementing the risk management framework and its internal controls. The approach to risk will vary across organizations, but a risk management framework should document risk tolerance (the levels of risk taking that are acceptable in order to achieve a specific objective or manage a category of risk) and risk appetite (the level of risk the organization is willing to assume). This ensures that the board, management and staff all understand the scope for risk when making decisions and the type of risks that the organization is attempting to avoid, mitigate, transfer or accept.

    There are different types of risk: strategic risk, operational risk, emerging and people risk, and compliance risk. Common tools used in the identification and management of risks include the risk management process, risk management policies and procedures, risk and control self-assessment, the risk matrix, scenario planning and the loss event database. The risk management process is iterative, which means that it is a process of monitoring, reviewing and focusing on continuous improvement.

    Developing a risk culture means creating a workplace where staff have the confidence to ask questions and to challenge assumptions about the way that business is conducted.

    Our vision is to champion whole-of-organization governance and risk management through education, advocacy and engagement with members and their broader community. Contact us to find out more about Governance Institute and the benefits of membership. Governance Institute: strengthening society through governance excellence.

    M E A T

    Mitigate Risk.     Eliminate Risk.    Accept Risk.     Transfer or Share Risk.

  • Learning Outcomes:

    - Build a risk management Framework of Reference.

    - Follow the risk management Principles.

    - Apply the risk management standard Process.

    Risk-Based Thinking

    A Risk Mgmt. Principles & Guidelines (directions, steps and basic outlines), Australia / New Zealand.

    a. ISO (international standards)

    b. Best Practices (proven practices and experience)

    c. Lessons Learned (lessons drawn from previous experience)

  • Rational decision making model definition:

    Rational decision making is a multi-step, linear process designed for problem solving. It runs from problem identification through to a solution and is used for making logically sound decisions.

    The rational decision making model is a good model for making good decisions because it relies on a rational approach to problem solving.

    All Mind Tools 

  • How much does your business depend on IT?

    - Hardware.   - Software   - Persware   - Data    - Networks.

    Every organization has a mission. In this digital era, as organizations use automated information technology (IT) systems to process their information for better support of their missions, risk management plays a critical role in protecting an organization’s information assets, and therefore its mission from IT-related risk.
    An effective risk management process is an important component of a successful IT security program.

    The principal goal of an organization's risk management process should be to protect the organization and its ability to continue its business and perform its mission, not just its IT assets. Therefore, the risk management process should not be treated primarily as a technical function carried out by the IT experts who operate and manage the IT system, but as an essential management function of the organization.

    Follow the link to Queensland Business - IT Risk

    Queensland Government - IT Risk Mgmt.  

  •  PP RR           Risk Mgmt Model

    Preparation (readiness) - Prevention (avoidance): before

    Response (during) - Recovery (after)

    We Prepare to be able to Prevent....   our Response to Recover the Risk 

    Business Continuity Planning BCP and Disaster Recovery

    The key to business continuity planning and disaster recovery is to look at it as an entire function, as whole and complete in itself. The most effective way to coordinate your thinking and planning in this area is to document the various components required in one central document. This is called the Business Continuity Plan BCP.

    The purpose of developing a Business Continuity Plan is to ensure the continuation of your firm during and following any critical incident that results in disruption to the normal operational capability of the firm. This section will assist you to prepare a Risk Management Plan and Business Impact Analysis, and create Incident Response and Recovery Plans for your business.

    1. Developing a Business Continuity Plan. The Business Continuity Plan is based on the Prevention, Preparedness, Response and Recovery (PPRR) framework. Each of the four key elements is represented by a part in the Business Continuity Planning Process as illustrated in Figure 7.2.

    It is important that you also consider any legislative or professional accounting body requirement in regard to business continuity or succession planning requirements that are designed to protect the interest of your clients.

    2. Prevention. Prevention is all about risk management planning. This is where the likelihood and/or effects of risk associated with an incident are identified and managed. The key elements of the risk management processes are implemented at this stage, with threats identified and dealt with, or reduced to an acceptable level. These have been covered in detail in Section 7.3 of this module, but will be discussed briefly again here to maintain the context of the discussion in this section.

    3. Preparedness. The key tool for the Preparedness element is the Business Impact Analysis. This is where the key activities of the firm that may be adversely affected by any disruptions are identified and prioritized.

    [Figure labels: Prevention (Risk Management Plan), Preparedness (Business Impact Analysis), Response (Incident Response Plan), Recovery (Recovery Plan)]

    4. Response. The key function of the Response element is Incident Response Planning. This plan outlines the immediate actions to be taken to respond to an incident in terms of containment, control and minimizing of impacts.

    5. Recovery. The Recovery section focuses on recovery planning. The purpose is to outline the actions that are to be taken to recover from an incident in order to minimize disruption and recovery times.

    Another important element of the Business Continuity Plan is the concept of regular updates and review. It is hoped that you will never need to use the plan, but if the need ever arises, you should know the plan is up to date with current details, information and resources. This is important, as it should reflect the changing needs of your firm. The templates and checklists provided in the following sections should be used as a guide only to assist you in developing your own Business Continuity Plan. You should customize it to suit the specific requirements and needs of your firm.

    6. Key items the plan should include:

    - Distribution list: An up-to-date list should be maintained of the people you have supplied with a copy of the plan and their contact details. Remember to keep a copy of the plan in a safe off-site location.

    - References and related documents: Make a list of all the documents that have a bearing on your Business Continuity Plan.

    - Table of contents: A table of contents should be included at the beginning of the plan.

    - Objectives of the plan: Objectives clarify the purpose of the plan and should describe the intended result. An example of some objectives for a practice would include:

    7. The objectives of this plan are to:

    - Undertake a risk management assessment of our firm;

    - Define and prioritize our critical practice functions;

    - Detail our immediate response to a critical incident;

    - Detail strategies and actions to be taken to enable our firm to continue operating; and

    - Review and update this plan on a regular basis.

  • Queensland Government   Business Queensland 

    Information technology (IT) plays a critical role in many businesses.

    If you own or manage a business that makes use of IT, it is important to identify risks to your IT systems and data, to reduce or manage those risks, and to develop a response plan in the event of an IT crisis. Business owners have legal obligations in relation to privacy, electronic transactions, and staff training that influence IT risk management strategies.

    IT risks include hardware and software failure, human error, spam, viruses and malicious attacks, as well as natural disasters such as fires, cyclones or floods.

    You can manage IT risks by completing a business risk assessment. Having a business continuity plan can help your business recover from an IT incident.

    This guide helps you understand IT risks and provides information about ways to prepare for and respond to IT incidents.

  • Student Learning Objectives

    8-1 Why are information systems vulnerable to destruction, error, and abuse?

    8-2 What is the business value of security and control?

    8-3 What are the components of an organizational framework for security and control?

    8-4 What are the most important tools and technologies for safeguarding information resources?


  • Information technology risk management checklist

    If your business uses information technology (IT), it's important to understand the key steps that you can take to minimise IT risk. Risks include hardware and software failure, human error, spam, viruses and malicious attacks, as well as natural disasters.

  • Risk IS that will help us Respond to any risk and any information technology incident

    How you respond to information technology (IT) incidents determines how well your business recovers, and also influences customers' ideas about your reliability.

    Dashboarding and KPIs

  • Assignments: 3