Public Course | Risk Management

Information Security Risk Assessment and Management

2 days | In-person | HRD Corp Claimable
After this course, you will be able to:

  • Apply the ISO/IEC 27001:2022 risk assessment process from asset identification through to risk treatment decision
  • Build and maintain an information asset register with appropriate CIA ratings and asset owners
  • Identify and map threats and vulnerabilities using Malaysian threat intelligence sources including NACSA and MyCERT
  • Produce a complete risk register and Statement of Applicability to ISO/IEC 27001:2022 Clauses 6.1 and 8.2
  • Select and justify Annex A controls for a prioritised risk set including the 11 new 2022 controls
  • Maintain and review the ISMS risk assessment on a recurring basis as part of continual improvement

Overview

Learn to conduct, document and manage a compliant information security risk assessment under ISO/IEC 27001:2022. This intensive two-day programme moves participants beyond awareness to hands-on application — building an asset register, mapping threats and vulnerabilities, rating risks, selecting Annex A controls, and producing a complete Statement of Applicability.

Learning Objectives

This course will prepare you to:

Assessing
Identify and classify information assets, map threats and vulnerabilities, and apply a consistent risk rating methodology aligned to ISO/IEC 27005:2022 and ISO 31000:2018.
Documenting
Produce a complete Statement of Applicability, risk treatment plan and risk register to the standard required by ISO/IEC 27001:2022 Clauses 6.1 and 8.2.
Upcoming Sessions
  • 10–11 Nov 2026 (2 days) | Kuala Lumpur | In-person | HRD Corp | RM 1,800 per pax | 20 seats left
    2-day ISMS risk assessment workshop. Produces asset register, risk register and SoA extract. Prerequisites: ISO 27001 Awareness or equivalent.
  • 5–6 May 2027 (2 days) | Kuala Lumpur | In-person | HRD Corp | RM 1,800 per pax | 20 seats left
    Second run. Asset register, risk register and SoA workshop. Prerequisites: ISO 27001 Awareness or equivalent.
Your Learning Pathway
Foundation
Ensure foundational ISMS knowledge before the risk assessment programme.
You are here
Information Security Risk Assessment and Management
Next step
Apply your risk assessment outputs across the full ISMS implementation lifecycle.
Value Proposition
Affordability
We aim to make risk and resilience-type training affordable to everyone.
Accreditation
Core competency module for MIRAR's Certified Information Security System Implementer programme.
Practitioner's Focus
Workshop-driven programme producing real outputs — asset register, risk register, SoA extract and risk treatment plan — ready to use in your organisation immediately.
Free Membership
Participants will be accepted as Associate Members of MIRAR upon completion.
Delivered by the Malaysian Institute for Risk & Resilience — Malaysia's specialist institute for governance, risk, and compliance education.

Quick Facts
  • Duration: 2 days
  • Format: In-person
  • Next Session: 10–11 Nov 2026
  • Certificate: Completion
  • Language: English
  • CPD Funding: HRD Corp Claimable
  • Category: Information Security & Cyber Governance