+49 89 55 26 7091



Since 2007, ISACA has focused intensively on the topic of risk & security management. In the past, little attention was paid to these two aspects in companies. Not only financial risks, but also organizational, cultural, procedural and other risks and security deficiencies are key factors in the company-wide handling of risk, which have prompted ISACA to publish these publications dealing with risk and security management. The main objective of RIBIS (Risk IT and Business Model for Information Security) is to provide a comprehensive overview of all corporate risks, their treatment and all security aspects. In order to meet this goal, a COBIT® 5.0 training is a minimum requirement, which is conveyed in this workshop.



The RISK IT framework complements ISACA COBIT® 5.0, which already provides a comprehensive framework for the control and governance of business-driven solutions and services. These business-driven solutions and services represent best practices as a means to risk management by providing a set of controls. They can be used to identify, address and manage an organization’s IT risks.

Internal events can be operational IT incidents, project failures, 180 degree IT strategy switches and mergers. External events can be, for example, changes in market conditions, new competitors, ever new technologies available and new rules and regulations. These events all represent a risk and must be evaluated and the appropriate measures developed and implemented. The risk dimension and how to manage it is the main topic of the Risk IT framework.

The following topics will be covered in this workshop:

BMI Security

In January 2009, ISACA introduced the “Security Community” and the business model for information technology security. The publications of the security experts have provided a glimpse into a new approach to effective information security management. BMIS focuses on the business environment in which information security is operated in relation to business processes. This particular focus offers a further view on “value driving” processes and systems within the company, which gives a better influence on information security.

Although security experts have managed to keep many potential attacks in check, there have been several costly security breaches that raise the legitimate question of how effective information security and its programs are in an organization?

From a business perspective, the primary goals of any company are often far removed from the technical world of IT. To bridge the gap between what the company does and how this is supported by high security, BMIS combines technical content with business thinking and a strategic view.


RIBIS provides a detailed overview of all safety and risk aspects including

and other topics that are necessary to deal with business risks and to understand the security aspects from all perspectives.

Workshop Goals

Contents of Risk IT and its domains

BMIS (Business Model for Information Security)


COBIT® 5.0 Foundation knowledge, ITIL® 2011 Foundation is an advantage

In this workshop we will cover many interesting aspects that are often overlooked in business. Contact us and we will help you to address the various RIBIS aspects in the workshop and ensure that you develop a company-specific concept to identify and evaluate risks, plan measures and implement the measures in the context of risk management projects.

Contact us now for a free quote on your project