Mastering risk assessment and optimal risk management based on ISO 27005
Summary
In this three-day intensive course participants develop the competence to
master the basic risk management elements related to all assets of
relevance for information security using the ISO/IEC 27005:2011 and ISO
31000:2009 standards as a reference framework. Based on practical exercises
and case studies, participants acquire the necessary knowledge and skills
to perform an optimal information security risk assessment and manage risks
in time by being familiar with their life cycle. This training fits
perfectly in the framework of an ISO/IEC 27001:2005 standard implementation
process.
Who should attend?
Risk managers
Persons responsible for information security or conformity within an
organization
Member of the information security team
IT consultants
Staff implementing or seeking to comply with ISO 27001 or involved in a
risk management program
Learning objectives
To understand the concepts, approaches, methods and techniques allowing an
effective risk management according to ISO 27005 and ISO 31000
To interpret the requirements of ISO 27001 on information security risk
management
To understand the relationship between the information security risk
management, the security controls and the compliance with the requirements
of different stakeholders of an organization
To acquire the competence to implement, maintain and manage an ongoing
information security risk management program according to ISO 27005 and ISO
31000
To acquire the competence to effectively advise organizations on the best
practices in risk management
Course Agenda
Day 1: Introduction, risk management program, risk identification and
assessment according to ISO 27005 and ISO 31000
Concepts and definitions related to risk management
Risk management standards, frameworks and methodologies
Implementation of an information security risk management program
Understanding an organization and its context
Risk identification and risk analysis
Day 2: Risk evaluation, treatment, acceptance, communication and
surveillance according to ISO 27005 and ISO 31000
Risk evaluation and risk treatment
Risk assessment with a quantitative method
Acceptance of information security risks and management of residual risks
Information security risk communication
Information security risk monitoring and review
Day 3: Introduction to risk assessment methodologies and ISO 27005/31000
exams
Introduction to risk assessment methodologies
Certified ISO 27005 Risk Manager Exam (2 hours)