Course Information

Learning objectives

  • Understand the concepts, approaches, methods and techniques that enable an effective risk management process according to ISO/IEC 27005
  • Acknowledge the correlation between Information Security risk management and security controls
  • Learn how to interpret the requirements of ISO/IEC 27001 in Information Security Risk Management
  • Acquire the competence and skills to effectively advise organizations on Information Security Risk Management best practices
  • Acquire the knowledge necessary for the implementation, management and maintenance of an ongoing risk management program

Target audience

  • Information Security risk managers
  • Information Security team members
  • Individuals responsible for Information Security, compliance, and risk within an organization
  • Individuals implementing ISO/IEC 27001, seeking to comply with ISO/IEC 27001, or individuals who are involved in a risk management program
  • IT consultants
  • IT professionals
  • Information Security officers
  • Privacy officers

Course Outline

Day 1: Introduction to ISO 27005, concepts and implementation of a risk management program

  • Course objectives and structure
  • Standard and regulatory framework
  • Concepts and definitions of risk
  • Implementing a risk management programme
  • Context establishment

Day 3: Information Security Risk Acceptance, Communication, Consultation, Monitoring and Review

  • Information security risk acceptance
  • Information security risk communication and consultation
  • Information security risk monitoring and review

Day 4: Risk Assessment Methodologies

  • OCTAVE Method
  • MEHARI Method
  • EBIOS Method
  • Harmonized Threat and Risk Assessment (TRA) Method
  • Applying for certification and closing the training

Day 5: Certification Exam