104 - IT Security Risk Management: A Lifecycle Approach (ITSG-33)

This course introduces the concepts of Information Technology (IT) security risk management for the Government of Canada (GC). Training is based on the principles and practices detailed in the guidance document – IT Security Risk Management:  A Lifecycle Approach (ITSG-33). The course focuses on the high level processes in Annex 1 that identify the business needs for security and defining the IT security risk management environment.  It also provides a brief overview of the Information System Security Implementation Process (ISSIP).  Scenario-based discussions and exercises are embedded to support situating the processes within a Departmental context.  Following the course, participants will be familiar with the risk management process, methodology and key concepts.



This course / workshop will provide you with a high-level appreciation of the key concepts and processes of ITSG-33. It will help you to plan for and identify the initial steps to adopting ITSG-33 guidance within your department or agency.

  • Apply IT risk management within a GC context as defined in CSE guidance ITSG-33
  • Identify the initial steps to integrating risk management guidance within your department/agency


2.0 days

Target Audience:

Project/Program Managers, IT Security Designers, Architects, Engineers and Managers.


Recommended Prior Learning

  • Course 601 [e-learning]
  • Knowledge of GC Security Risk Management is beneficial


Start Date End Date Event Language Cost Location Type Status
2018-09-05 2018-09-06 English $800 1929 Ogilvie Road Classroom Open
2018-05-29 2018-05-30 English $800 1929 Ogilvie Road Classroom Open

For more information consult our IT Security Course Calendar.


The 105 Information System Security Implementation Process (ISSIP) course describes what the ISSIP is and why it is required, situates the ISSIP in the ITSG-33 security risk management process and describes all ISSIP activities.

The 701 IT Security Risk Management and Security Control Profiles course allows learners to interpret Departmental Threat and Risk Assessments, identify business domains, define IT security approaches and develop departmental security controls.

If you would like further clarification on which course is better suited to your needs, please email the ITS Learning Centre at its-education@cse-cst.gc.ca or call 613-991-7110.