This workshop presents the principles and application of information risk management as it relates to information security. It offers a structured risk register and a method for assessing control effectiveness. Attendees will learn the link between business and IT risk, and how risk is managed by the use of suitable controls. Content will dive into the difference between embedded monitors and early warning indicators and how the effectiveness of an individual control, or group of controls, can be measured. Leave with the knowledge and skills to effectively assess your organisation's risk appetite and tolerance; improve risk awareness and communication; evaluate risk scenarios; and determine your risk response.

After completing this workshop, you will be able to:

- Apply key deliverables necessary to develop and maintain an effective risk management programme following the Risk IT Framework
- Explain how the new Risk IT Framework relates to COBIT
- Evaluate implementation and operational issues
- Integrate IT risk management with ERM
- Audit/Evaluate the risk management programme