M3. Risk Management and Compliance

“Risk Management and Compliance” learning unit aims to empower learners with the knowledge, skills, and attitudes necessary to effectively apply risk management methodologies also referred to international compliance rules for cybersecurity. The module focuses on reducing threat impacts through effective cyber risk management programs. The module introduces learners to internationally recognized standards, particularly Information Security Management System (ISMS), outlining key steps and checklists for compliance. In addition to knowledge and skills, the module defines what is the general understanding for “compliance” and then underscores the development of attitudes related to applying ISMS compliance schemes and recommendations in risk analysis, recognition, and mitigation, empowering learners to proactively address and manage cybersecurity threats fostering a systemic approach to information security.

Aim: Upon the completion of this learning unit, the learner will be able to understand the meaning of ISMS and its relationship with international compliance rules.

Learning Outcomes

KNOWLEDGE

K1. Define components and requirements of Information Security Management System.

K2. Identify Information Risk Management as function of Information Security Management System.

K3.  Describe approach to Cybersecurity compliance rules.

SKILLS

S1. Identify main components of Information Security Management System.

S2.  Design Risk Management  schemes applied to SMEs.

S3. Examine Cybersecurity compliance rules requirements.

RESPONSIBILITY AND AUTONOMY

RA 1.  Collaborate in defining Information Security Management System of SMEs.

RA2. Comply with the Risk Management process.

RA3. Deal with the adoption of Cybersecurity compliance rules.