Course Information
Learning objectives
- Understand the concepts, approaches, methods and techniques that enable an effective risk management process according to ISO/IEC 27005
- Acknowledge the correlation between Information Security risk management and security controls
- Learn how to interpret the requirements of ISO/IEC 27001 in Information Security Risk Management
- Acquire the competence and skills to effectively advise organizations on Information Security Risk Management best practices
- Acquire the knowledge necessary for the implementation, management and maintenance of an ongoing risk management program
Target audience
- Information Security risk managers
- Information Security team members
- Individuals responsible for Information Security, compliance, and risk within an organization
- Individuals implementing ISO/IEC 27001, seeking to comply with ISO/IEC 27001, or individuals who are involved in a risk management program
- IT consultants
- IT professionals
- Information Security officers
- Privacy officers
Course Outline
Day 1: Introduction to ISO 27005, concepts and implementation of a risk management program
- Course objectives and structure
- Standard and regulatory framework
- Concepts and definitions of risk
- Implementing a risk management programme
- Context establishment
Day 3: Information Security Risk Acceptance, Communication, Consultation, Monitoring and Review
- Information security risk acceptance
- Information security risk communication and consultation
- Information security risk monitoring and review
Day 4: Risk Assessment Methodologies
- OCTAVE Method
- MEHARI Method
- EBIOS Method
- Harmonized Threat and Risk Assessment (TRA) Method
- Applying for certification and closing the training
Day 5: Certification Exam