Information security risk assessment training course

In this training course, you will be introduced to information security risk management and concepts such as enterprise risk management, ISO 31000 & ISO 27005, risk leadership and governance. You will also get to work concretely with a risk register and risk scenarios.

27 Sep 2024
9 a.m. to 5 p.m.
SURF office Utrecht

About the training

All SURF member institutions use the SURFaudit Information Security Assessment Framework for the SURFaudit benchmark. One of the components of the assessment framework concerns risk assessment. This training zooms in on this.

Training set-up

The training day is at SURF's office in Utrecht where you will meet physically. Theory and exercises alternate. During the day, there is ample opportunity to spar with the lecturer individually about learning goals or possible challenges at work.


  • Introduction to risk management for information security
    • With concepts such as enterprise risk management, risk capacity & risk appetite, ISO 31000 & ISO 27005, risk leadership and governance
    • Dealing with uncertainties
  • Risk identification
  • Risk assessment
  • Risk response and mitigation
  • Measuring and reporting on risks and measures
  • Risk assessment techniques in information security
  • SURF risk assessment toolkit
  • Learning from practical risk assessments at Fontys

Hands-on exercises

  • Completing a risk register
  • Risk assessment using a heat map
  • Risk-based work based on risk scenarios

For whom?

The training is for anyone starting to work with information security risk management.

Required prior knowledge

To follow this training, it is a requirement that you have attended the masterclass Toetsingskader informatiebeveiliging or have some knowledge of information security principles.


The costs for this training are 250 euros

Registration and cancellation

This article is relevant to