Diploma in Cybersecurity & Information Risk Management | OCRM®
Diploma

Diploma in Cybersecurity & Information Risk Management

Develop practitioner-level capability to apply, integrate, evaluate and improve cyber and information risk management practice through a structured OCRM® professional diploma focused on governance, risk scenarios, controls, assurance, third-party risk, incident learning, resilience and professional risk outputs.

Design or improve practical cybersecurity and information risk management arrangements

Analyse cyber and information risk scenarios and their organisational impacts

Integrate cyber and information risk into enterprise risk governance and reporting

Online study. 8 structured modules. Written assignments . 1 year access course access from enrolment confirmation.

Developed by risk management professionals
Aligned to international standards & good practice
Trusted by risk professionals worldwide

Is this certificate right for you?

See who it is designed for, what you will gain, and how the learning can be applied in practical enterprise risk management activity.

Who Should Enrol

This diploma is suitable for professionals who need practitioner-level capability in cybersecurity and information risk management, including:

  • Risk, compliance, governance and assurance practitioners working with cyber, technology or information risk

  • Cyber risk, information security, technology risk or digital governance professionals seeking broader applied risk capability

  • IT, operations, data, audit or compliance professionals responsible for risk information, controls, evidence or reporting

  • Managers responsible for digital processes, information assets, supplier risk, incident escalation or management review activity

  • Professionals responsible for producing, reviewing or improving cyber risk reports, control documentation, assurance evidence or governance materials

  • Internal audit, assurance, monitoring or control professionals working with cyber and information risk information

  • Professionals moving into practitioner-level cyber risk, technology risk, information risk, governance or assurance roles

  • Consultants, advisers or support professionals working with cyber risk frameworks, controls, reporting or governance arrangements

  • Mid-career professionals seeking structured progression from foundation study into practitioner-level cyber and information risk practice

By Completion, You Will Be Able To

Understand

  • Design or improve practical cybersecurity and information risk management arrangements
  • Analyse cyber and information risk scenarios and their organisational impacts

Apply

  • Integrate cyber and information risk into enterprise risk governance and reporting
  • Evaluate controls, assurance activity and third-party technology risk arrangements

Progress

  • Support incident management, recovery, resilience and lessons learned from a risk governance perspective
  • Produce professional cyber risk outputs for management, committees and governance use

Course Overview

The Diploma in Cybersecurity & Information Risk Management is a practitioner-level OCRM® qualification for professionals who need to apply cyber and information risk management in structured organisational settings. It is designed for professionals who already have, or are ready to develop beyond, foundation-level understanding and build more confident applied capability across cyber risk, information risk, technology risk and digital governance contexts.

The diploma focuses on how cyber and information risk management arrangements are designed, integrated, assessed, treated, assured, reported and improved in practice. Learners examine cyber risk frameworks, digital assets, architecture and threat context, risk assessment and scenario analysis, control design, third-party and supply chain technology risk, cyber assurance, incident management, organisational resilience and cyber risk reporting for management and governance use.

This diploma is suitable for professionals who need practical practitioner capability without requiring advanced technical security engineering, penetration testing, tactical cyber operations, malware analysis, exploit development, unauthorised access techniques or executive board-level governance expertise. It does not provide technical attack instruction or authorise cyber operations; it focuses on practitioner-level cyber risk governance, controls, assurance, evidence, reporting, escalation and resilience application.

It supports workplace application in risk, compliance, audit, governance, technology, operations, assurance, control monitoring, supplier oversight, incident reporting and wider management roles.

Practical Application

Learners apply diploma concepts through workplace-style tasks, structured analysis and professional documentation exercises. The diploma is designed to support practitioner-level application and the development of professional-grade artefacts for use in cyber and information risk settings.

Practical activities may include developing or interpreting:

  • Cyber and information risk framework notes

  • Digital asset and dependency summaries

  • Cyber risk scenario analysis notes

  • Control design and risk treatment summaries

  • Third-party and supply chain technology risk notes

  • Cyber assurance and control evidence summaries

  • Incident escalation, recovery and resilience notes

  • Cyber risk reporting and dashboard examples

  • Cyber risk improvement and action summaries

Learners also complete an applied professional practice project, helping them connect diploma concepts with realistic cyber and information risk practice and produce structured outputs that support risk-informed decision-making, reporting, escalation and governance review.

Programme, Assessment and Progression

Explore the programme content, assessment approach, progression pathway and the standards that support the quality and integrity of your qualification.

1. Programme Overview & Details

Comprehensive information and structured overview of the course details.

This module develops practitioner capability in cyber and information risk frameworks, focusing on how cyber risk, information risk, governance, ownership, assessment, controls, assurance and reporting fit together in organisational settings. Learners examine how structured frameworks support consistent risk ownership, escalation, accountability and decision-ready cyber risk information.

This module develops practitioner understanding of digital assets, architecture and the threat landscape at a business-risk level. Learners consider how information assets, systems, users, dependencies, third parties, architecture decisions and threat context influence cyber and information risk exposure, without requiring advanced technical engineering or offensive cyber expertise.

Learners analyse cyber and information risk scenarios in practical organisational contexts, considering how threats, vulnerabilities, control weaknesses, business impacts, likelihood, priority and escalation connect. The module supports applied judgement in assessing, structuring, documenting, and translating cyber risk information into management-level insight.

This module focuses on control design and risk treatment as integrated components of cyber and information risk practice. Learners examine how preventive, detective, responsive and recovery-oriented controls can be mapped to risk scenarios, assessed for effectiveness and linked to treatment decisions, residual risk and improvement activity.

Learners apply structured methods to third-party and supply chain technology risk, including supplier dependencies, outsourced services, cloud and platform reliance, control expectations, assurance evidence, monitoring and escalation. The module supports practitioner-grade outputs that help organisations understand and manage cyber and information risk beyond their direct internal environment.

This module examines cyber assurance and oversight through control evidence, assurance planning, control assurance awareness, issue management, remediation tracking and governance reporting. Learners practise translating assurance activity and control findings into practical cyber risk insight that supports ownership, accountability and more reliable management decisions.

Learners focus on cyber incident management, escalation, business response coordination, recovery, resilience and lessons learned from a risk governance perspective. The module helps learners understand how incident information, business impact, communication, recovery priorities and improvement actions support structured organisational response without providing tactical incident-response or technical attack instruction.

This module brings together the diploma themes through cyber risk reporting, governance communication, improvement planning and professional application. Learners consider how cyber risk data, assurance evidence, incident lessons, control issues and improvement priorities can be translated into clear insight for senior managers, committees, governance forums and relevant stakeholders.

2. Assessment & Award

Assessment is based on module-based written assignments and an applied professional practice project. Learners are expected to demonstrate practitioner-level understanding, applied judgement and the ability to produce professional risk and governance outputs for realistic cyber and information risk scenarios.

Submissions are marked against defined assessment criteria and are subject to quality assurance review processes.

On successful completion, learners receive the OCRM® Diploma in Cybersecurity & Information Risk Management.

3. Progression & Membership Pathway

Successful completion may support progression to further OCRM® qualifications, including executive diploma-level study in cyber and digital governance, enterprise risk governance, ESG leadership or related senior-level disciplines.

Successful completion may also support an application for Member of OCRM® status and the MCRM designation, subject to the membership criteria, experience requirements and approval process in force at the time of application.

This gives learners a structured route from practitioner-level diploma study into further professional development, advanced qualification progression and potential OCRM® membership progression.

This creates a structured route from foundation study into further professional development and potential OCRM® membership.

4. Standards & Credential Integrity

OCRM® qualifications are supported by:

Defined assessment criteria and quality assurance review

Academic integrity and professional conduct expectations

The OCRM® Code of Ethics and professional standards

Credential verification for learners, employers and stakeholders

OCRM® qualifications are supported by defined assessment criteria, quality assurance review processes, academic integrity expectations, professional conduct standards and credential verification.

Learners are expected to submit original work and comply with the OCRM® Code of Ethics. The qualification is designed with reference to recognised cyber risk, information risk, technology risk, governance, control, assurance, third-party risk, incident management, resilience and reporting concepts relevant to practitioner-level workplace application.

Credential verification is available through the OCRM® verification process, supporting transparency for learners, employers and professional stakeholders.

Questions before you enrol?

Review common questions and final enrolment details before starting your course.

Learner Reviews

Direct feedback from professionals who completed our courses.

Learner reviews will appear here once feedback has been collected for this course.

Frequently Asked Questions

Find answers to common questions about delivery, access, assessment, award and progression.

Yes, the course is delivered 100% online through our advanced learning management system (LMS). You can access your modules, learning materials, and submit assessments entirely online at your own pace from anywhere in the world.
You will have full access to the course materials and learning platform for 1 year access from the date of your enrolment confirmation. This provides ample time to complete the modules and assignments at a comfortable, self-paced speed.
The course is assessed through applied written assignments for each module. These assignments are designed to test your practical understanding of risk management concepts and their application to real-world scenarios. There are no traditional exams.
Upon successful completion of all modules and assessments, you will be awarded the official OCRM® Diploma in Diploma in Cybersecurity & Information Risk Management, reflecting your professional credential.
No prior risk management experience is strictly required to enrol. The programme starts with foundational concepts and builds up to advanced practical methods, making it suitable for both aspiring risk professionals and managers looking to formalise their skills.
Yes! Successful completion of this qualification provides a direct pathway for progression into further professional qualifications (such as ACRM or MCRM) and supports your eligibility for active professional membership tiers within OCRM.

Ready to begin your OCRM® qualification?

Diploma in Cybersecurity & Information Risk Management

£795Online1 year access access

By enrolling, you agree to the OCRM® Code of Ethics, academic integrity standards and applicable course terms.

Diploma in Cybersecurity & Information Risk Management
Diploma in

Diploma in Cybersecurity & Information Risk Management

£795One-time course fee
Delivery
Online
Qualification Type
Diploma
Access
1 year access
Course Structure
8 structured modules
Assessment
Written assignments
Award
OCRM® Diploma