Certificate in Cyber & Information Risk | OCRM®
Certificate

Certificate in Cyber & Information Risk

Build a practical business-focused foundation in cyber and information risk, including information assets, digital dependencies, risk scenarios, governance, controls, incident response, resilience and reporting.

Explain cyber and information risk in business terms

Identify common cyber and information risk scenarios

Describe governance and accountability for technology risk

Online study. 6 Structured Modules. Written assignments. 1 year access course access from enrolment confirmation.

Developed by risk management professionals
Aligned to international standards & good practice
Trusted by risk professionals worldwide

Is this certificate right for you?

See who it is designed for, what you will gain, and how the learning can be applied in practical enterprise risk management activity.

Who Should Enrol

This course is suitable for professionals who need a structured foundation in cyber and information risk in business terms, including:

  • Risk, compliance and governance practitioners

  • IT, data and information management professionals seeking a risk-focused foundation

  • Internal audit and assurance professionals

  • Operations and business managers responsible for digital processes or information assets

  • Managers involved in technology, supplier or third-party risk discussions

  • Public, private and third-sector professionals involved in risk reporting

  • Team leaders and functional managers who need to understand cyber and information risk without deep technical specialism

  • Early-to-mid career professionals seeking a structured entry point into cyber and information risk management

By Completion, You Will Be Able To

Understand

  • Explain cyber and information risk in business terms
  • Identify common cyber and information risk scenarios

Apply

  • Describe governance and accountability for technology risk
  • Assess cyber risks at a conceptual level

Progress

  • Support basic cyber risk reporting and escalation
  • Recognise how assets, threats, vulnerabilities and impacts connect in cyber risk scenarios

Course Overview

The Certificate in Cyber & Information Risk provides a structured introduction to cyber and information risk as business risks, not only technical issues. It is designed for learners who need to understand how digital technologies, information assets, systems, users, third parties, threats and vulnerabilities can affect organisational objectives, resilience and decision-making.

The course explains how cyber and information risks arise, how they are assessed conceptually, how controls and assurance support governance, and how incidents are reported, escalated and learned from. Learners develop a practical foundation for discussing cyber and information risk with technical teams, risk functions, management and other organisational stakeholders.

The course does not provide tactical cyber operations, penetration testing or technical attack instruction. It focuses on risk understanding, governance, controls, reporting and escalation.

This certificate is suitable for professionals who need a business-focused foundation in cyber and information risk without advanced technical, security engineering or specialist cyber operations expertise. It supports practical capability for workplace application in risk, compliance, audit, governance, IT, operations, data management, supplier management and wider business roles.

Practical Application

Learners apply course concepts through workplace-style tasks, structured risk analysis and practical documentation exercises. The course is designed to support usable professional application rather than technical operations training or purely theoretical understanding.

  • Practical activities include developing or interpreting:

  • Cyber and information risk examples

  • Information asset and dependency notes

  • Business-level threat, vulnerability and impact scenarios

  • Conceptual cyber risk assessment entries

  • Control theme summaries

  • Governance and accountability notes

  • Incident reporting and escalation summaries

  • Cyber risk reporting summaries

Learners also complete an applied organisational risk project, helping them connect cyber and information risk concepts with realistic workplace practice and support more confident participation in cyber risk discussions, reporting and escalation.

Programme, Assessment and Progression

Explore the programme content, assessment approach, progression pathway and the standards that support the quality and integrity of your qualification.

1. Programme Overview & Details

Comprehensive information and structured overview of the course details.

Learners are introduced to cyber and information risk as business risks linked to organisational objectives, information assets, threats and impacts. The module helps learners understand why cyber risk is not only an IT issue and how information risk affects confidentiality, integrity, availability and appropriate use of information.

This module explores information assets, data, systems, users, third parties and digital dependencies. Learners consider what information matters most, how it supports business value, and why organisations need to understand dependencies when identifying and managing cyber and information risk.

Learners examine how threats, vulnerabilities and impacts combine to create cyber and information risk scenarios. The module helps learners describe common scenarios in business terms, without tactical attack detail or technical exploitation instruction.

This module introduces conceptual cyber risk assessment and prioritisation. Learners consider likelihood, impact and priority at a foundation level, helping them understand how organisations decide which cyber and information risks require attention, escalation or further treatment.

Learners explore how cyber and information risk is governed through accountability, controls and assurance. The module introduces ownership, control themes, oversight and basic assurance awareness, helping learners understand how cyber risk is managed within organisational governance.

This module explains how organisations identify, respond to, recover from and learn from cyber and information incidents. Learners examine incident reporting, escalation, resilience and lessons learned, helping them understand how cyber incidents are managed in organisational risk terms.

2. Assessment & Award

Assessment is based on structured written assignments and an applied organisational risk project. Learners are expected to demonstrate understanding of cyber and information risk concepts and apply them to realistic organisational scenarios.

Submissions are marked against defined assessment criteria and are subject to quality assurance review processes.

On successful completion, learners receive the OCRM® Certificate in Cyber & Information Risk.

3. Progression & Membership Pathway

Successful completion may support progression to further OCRM® qualifications, including diploma-level study in cybersecurity and information risk management, enterprise and operational risk management, financial services risk management, organisational resilience or related governance disciplines.

Successful completion may also support an application for Practitioner Member of OCRM® status and the PCRM designation, subject to the membership criteria, experience requirements and approval process in force at the time of application.

This gives learners a structured route from foundation study into further professional development, qualification progression and potential OCRM® membership.

This creates a structured route from foundation study into further professional development and potential OCRM® membership.

4. Standards & Credential Integrity

OCRM® qualifications are supported by:

Defined assessment criteria and quality assurance review

Academic integrity and professional conduct expectations

The OCRM® Code of Ethics and professional standards

Credential verification for learners, employers and stakeholders

OCRM® qualifications are supported by defined assessment criteria, quality assurance review processes, academic integrity expectations, professional conduct standards and credential verification.

Learners are expected to submit original work and comply with the OCRM® Code of Ethics. The qualification is designed with reference to recognised risk management, governance, cyber resilience and information risk concepts relevant to business-focused risk practice.

Credential verification is available through the OCRM® verification process, supporting transparency for learners, employers and professional stakeholders.

Questions before you enrol?

Review common questions and final enrolment details before starting your course.

Learner Reviews

Direct feedback from professionals who completed our courses.

Learner reviews will appear here once feedback has been collected for this course.

Frequently Asked Questions

Find answers to common questions about delivery, access, assessment, award and progression.

Yes, the course is delivered 100% online through our advanced learning management system (LMS). You can access your modules, learning materials, and submit assessments entirely online at your own pace from anywhere in the world.
You will have full access to the course materials and learning platform for 1 year access from the date of your enrolment confirmation. This provides ample time to complete the modules and assignments at a comfortable, self-paced speed.
The course is assessed through applied written assignments for each module. These assignments are designed to test your practical understanding of risk management concepts and their application to real-world scenarios. There are no traditional exams.
Upon successful completion of all modules and assessments, you will be awarded the official OCRM® Certificate in Cyber & Information Risk, reflecting your professional credential.
No prior risk management experience is strictly required to enrol. The programme starts with foundational concepts and builds up to advanced practical methods, making it suitable for both aspiring risk professionals and managers looking to formalise their skills.
Yes! Successful completion of this qualification provides a direct pathway for progression into further professional qualifications (such as ACRM or MCRM) and supports your eligibility for active professional membership tiers within OCRM.

Ready to begin your OCRM® qualification?

Certificate in Cyber & Information Risk

£395Online1 year access access

By enrolling, you agree to the OCRM® Code of Ethics, academic integrity standards and applicable course terms.

Certificate in Cyber & Information Risk
Certificate in

Certificate in Cyber & Information Risk

£395One-time course fee
Delivery
Online
Qualification Type
Certificate
Access
1 year access
Course Structure
6 Structured Modules
Assessment
Written assignments
Award
OCRM® Certificate