Information Risk Management: Strategies for Preventing and Mitigating Information Security Breaches
HRCI: 1.75 Credits
SHRM: 1.75 PDCs

Stolen laptops, misplaced USB drives, network infiltration by hackers or viruses, crippling denial-of-service attacks—the threats to an organization’s sensitive data are many and continue to grow, even as more and more sensitive data and personally identifying information are maintained and transmitted electronically. The costs associated with information security breaches continue to grow also, partly because of increasingly stringent regulations that hold organizations financially responsible when they fail to secure their sensitive information.

So how should organizations respond to these threats? With a comprehensive, coordinated plan that employs both physical and electronic measures designed to keep sensitive data and personally identifying information out of the hands of cyber criminals and identity thieves.

This course details the extent and potential costs of the information security problem, describes the key components of a well-designed information security plan, and outlines strategies that can go a long way toward protecting one of an organization’s most valuable assets—its information.

Managers, Supervisors, Employees & HR Professionals

100 - 110 minutes

To describe the risks associated with maintaining and transmitting sensitive data and personally identifying information, and to instruct leaders of businesses and organizations in developing strategies for mitigating these risks.

After completing this course, the learner will be able to:

  • distinguish between first- and third-party information risks;
  • recognize various types of first- and third-party information risks;
  • define the scope of the threat that information security breaches pose to organizations, based on current statistics;
  • interpret the major provisions of federal and state laws governing organizations' responsibilities for securing sensitive data and personally identifying information in their possession;
  • define the elements of effective risk management procedures;
  • develop and implement an appropriate information security policy for an organization;
  • identify the threats to information network security and the tools needed to secure networks against security breaches; and
  • develop a Computer Security Incident Response Plan and strategies for managing the risks associated with maintaining and transmitting sensitive data and personally identifying information.


  1. An Overview of Information Risk
  2. Statistics on Information Security Breaches
  3. Federal and State Regulations Governing Information Security
  4. Essential Risk Management Procedures
  5. Drafting an Information Security Policy
  6. Procedures for Properly Disposing of Sensitive Information
  7. Securing Networks against Information Security Breaches
  8. Responding to Information Security Breaches

This Activity has been approved for 1.75 HR (General) recertification credit hours toward aPHR™, aPHRi™, PHR®, PHRca®, SPHR®, GPHR®, PHRi™ and SPHRi™ recertification through HR Certification Institute® (HRCI®). The use of this official seal confirms that this Activity has met HR Certification Institute's® (HRCI®) criteria for recertification credit pre-approval.

This Activity has been approved for 1.75 PDCs toward SHRM-CP® or SHRM-SCP® recertification. The Human Equation is recognized by SHRM to offer Professional Development Credits (PDCs) for SHRM-CP® or SHRM-SCP® recertification activities.