Cyber Security Governance and Risk Management

The evolution of information technology (IT) affects the business environment in many significant ways. It has changed business practices, reduced costs and altered the ways in which information should be controlled. In addition, it has raised the level of knowledge and skills required to protect an enterprise’s information assets, and increased the need for well-educated professionals in the fields of information security, governance of IT and risk management.

For a number of years, many employers have been seeking to fill positions with information security professionals who possess a substantial background in security, business and risk management. This demand is expected to grow in the future. Employers have had difficulty in locating a sufficient number of adequately prepared candidates for the available positions.

Information security professionals need to be able to cope with the pace of rapid business changes and update themselves regularly with competent knowledge. Recent events, government regulations and changes in business processes have affected the role of information security and the methodologies information security professionals use. There has been a significant change in responsibilities held by the information security manager.

More often, traditional business functions such as compliance, risk management and privacy are being assigned to the information security manager. Therefore, the information security professional must understand not only technological requirements, but also the needs of the business.

What You Should Expect:

In the information-based business environment, business professionals who are competent in information security or information security professionals who understand business are in great demand. Information security managers must continually receive training to upgrade their knowledge, skills and abilities.

This course will provide detailed workshop discussion and case studies on key information security areas. We will focus on practical development and implementation of processes to manage governance, risk and compliance, and business continuity areas relating to information security within the enterprise.

The class will contain many exercises using real-world case studies and examples.

Intended Audience:
  • Audit, risk, compliance, information security, government and legal professionals familiar with basic IT/IS concepts who:
    • are new to information security and management
    • are interested in entering the field of information security and management
    • are interested in pursuing certifications related to information security and management
  • This course would also be appropriate for students and recent graduates


Zahir Ali Quettawalla, CISA, CISM, CRISC, has over 20 years of experience in the field of Information Technology, Security, Audit, Risk Management and Compliance. During his career he has undertaken a number of professional roles, including information security manager, information systems auditor, systems analyst, program manager, project supervisor, university instructor and corporate trainer.

His extensive professional experience and rigorous learning and development regimen have given him a diversified and broad vision of an organization as a whole and have enabled him to socialize and interact with the various units and functions within the organization competently and professionally.

Zahir is presently working with Telstra, with the NBN Information Security Team. In addition to his professional life, he is actively involved in the development of professional standards and professional services. This is evident through his involvement with the ISACA Chapter, where he has been an instructor for the last 14 years, training potential students and professionals for ISACA certifications. He has also conducted several workshops and training programs on financial modelling, office automation and project management for professional and chartered accountants for the last 14 years. Further, he has authored several articles and books on the subject of Information Technology, Security, Audit and Management.


This course provides a holistic overview of the field of information security. Learn about what it takes to manage and operate an information security program and focus on areas such as information security governance, risk assessment, risk management, incident handling and business continuity planning.

Learning Objectives:
  • Ensure that an enterprise’s information is protected
  • Have the expertise needed to reduce risk and protect the enterprise
  • Design, develop, implement and manage an effective security management program
  • Establish and maintain an IT governance framework aligned with business objectives
  • Identify and manage information security risks
  • Understand key information security governance requirements and practices
  • Understand information security risks and processes to identify and manage risk within the organization
  • Understand key risk mitigation strategies for current and emerging information security issues
  • Develop and implement key areas of an organization’s information security program to mitigate risks to acceptable levels
  • Develop and implement processes for detecting, identifying, analysing and responding to information security incidents
  • Integrate information security incident response plans with the enterprise’s DRP and BCP
  • Organize, train and equip teams to respond to information security incidents
  • Periodically test and refine information security incident response plans
  • Manage the response to information security incidents
  • Conduct reviews to identify causes of information security incidents, develop corrective actions and reassess risk
  • Establish and maintain integration among the incident response plan, DRP and BCP


  • Early bird: $1,300.00 AUD including GST.
  • Standard: $1,500.00 AUD including GST.

2-3 April 2018 Melbourne, AU
Terms and Conditions
  • Payment methods are either booking online via Eventbrite or contacting us for an invoice.
  • Payment is required at the time of booking.
  • Cancellation notifications after 14 days prior to course commencement date are not eligible for refund.
  • Cancellations received between 15 and 28 days prior to course commencement will be charged 50% of the course fee.
  • Students are allowed 1 reschedule per class. Transfers received between 15 – 28 days prior to course commencement will be charged a $300 (incl GST) administrative fee. The new session date must be given at the time of the reschedule notification and rescheduled classes must be taken within 6 months of original scheduled date.
  • Transfers received 14 days or less prior to course commencement will be charged 50% of the course fee. The new session date must be given at the time of the reschedule notification and rescheduled classes must be taken within 6 months of original scheduled date.
  • Payment must be made in full prior to any rescheduling.
  • Student substitutions can be made in writing 48 hours prior to a class start.
  • If a student does not attend a scheduled session, there will be no refund or reschedule given. Payment is forfeited.
  • Mossé Security reserves the right to cancel a course and will endeavour to provide participants with as much notice as possible. Upon cancellation, any fees already paid by the participant will be refunded.


Software Requirements:
Bring a laptop with a PDF reader and a web browser.