Courses We Offer

HMG Risk Management (IS1&2)

A two-day cyber security training course for public and private sector security professionals on HMG Information Assurance (IA) Risk Management. The training course covers the policy and guidance described in the published IA Standard (IS1&2), its supporting supplement and Good Practice Guide (GPG) 47. The methodology used to conduct risk assessment and risk treatment is reinforced using a practical real-world case study.

Who Should Attend

Public Sector IA specialists (Accreditors, ITSOs and SIRAs) and Information Assurance professionals intending to identify, assess and manage the risks associated with HMG information systems. It is also useful for ICT managers looking to update their professional knowledge of HMG Risk Management policy and guidance. Delegates should be familiar with the principles of Information Assurance.

Course Content

  • Risk management in an HMG context
  • The HMG IA Risk Management Standard (IS1&2), the application of the supporting supplement and GPG 47
  • Knowledge of threats, vulnerabilities, business impacts, compromise methods, risk and risk mitigation controls
  • The risk assessment and treatment methodology
  • Practical experience of conducting a risk assessment and treating the risks identified
  • Identification of documentation requirements to support HMG IA Accreditation.

Training Documentation

Delegates are given a comprehensive set of training documentation and will have access to the IS1&2 Standard and various GPGs.


Day 1

  • Risk Management Overview
  • IA Governance
  • IS1&2 Overview
  • Business Impact Levels (BILs)
  • Concepts used in Risk Assessment
  • Risk Assessment Methodology

Day 2

  • Risk Assessment Worked Example
  • Concepts used in Risk Treatment
  • Risk Treatment Methodology
  • Risk Treatment Worked Example

Throughout the two days, syndicate exercises will be carried out to emphasise the security and IA requirements.

Training Professionals

All Amethyst’s courses are developed and delivered by experienced information security trainers, some of whom are registered under the CESG Listed Adviser Scheme. Course venues are arranged to meet the training requirement, and courses can be delivered at your training facility. All Amethyst’s services are delivered in accordance with our ISO9001 certified quality procedures.