ISO/IEC 27005:2011 - Certified Risk Manager

Summary

The ISO 27005 “Certified Risk Manager” training enables participants to master the basic elements of information risk management, using the ISO/IEC 27005:2011 standard as a reference framework. Through practical exercises and case studies, participants learn to perform an optimal risk evaluation and to manage risks in time by being familiar with their life cycle. Participants will also learn the different risk assessment methods used on the market, such as CRAMM, EBIOS, MEHARI, OCTAVE and the Microsoft Security Risk Management Guide.
Note that this training fits perfectly in the framework of an ISO 27001 standard implementation process.

Who should participate?

• Person responsible for Risk Management within an organization
• Person responsible for information security or conformity within an organization
• Member of the information security team
• Expert advisor in IT
• Staff of organizations implementing or seeking to comply with ISO/IEC 27001:2005 or involved in a risk management program

Learning objectives

• Acquire the knowledge necessary for the implementation, management and maintenance of an ongoing risk management program
• Become familiar with the concepts, approaches, standards, methods and techniques that allow effective management of risk
• Understand the relationship between the information security management system (including risk management), the security measures and the compliance with the requirements of different stakeholders of an organization
• Interpret the requirements of ISO/IEC 27001:2005 on risk management

Course details

Day 1: Introduction to risk management according to ISO 27005
• Concepts and definitions related to risk management
• Standards, frameworks and methodologies in risk management
• Implement a risk management program
• Risk analysis (identification and estimation)

Day 2: Risk management and risk treatment according to ISO 27005
• Risk Assessment
• Risk Treatment
• Acceptance of risk and management of residual risks
• Risk communication
• Monitoring and controlling risk

Day 3: Introduction to methods of risk assessment
• Introduction to CRAMM
• Introduction to EBIOS
• Introduction to MEHARI
• Introduction to OCTAVE
• Introduction to Microsoft Security Risk Management
• “ISO/IEC 27005:2011 Certified Risk Manager” exam (2 hours)

Prerequisites
None

Examination and certification
• The “ISO/IEC 27005:2011 Certified Risk Manager” exam is certified by RABQSA, meets the criteria of the “RABQSA Training Provider Examination Certification Scheme” (TPECS), and covers the following competency unit: RABQSA – IS (Information Security Management System)
• Duration of the exam: 2 hours
• A certificate will be issued to participants who successfully complete the exam

General information
• A copy of ISO/IEC 27005:2011 is provided to the participants for the duration of the training
• A student manual containing over 250 pages of information and practical examples is given to participants
• A certificate of participation of 21 CPE (Continuing Professional Education) is awarded to participants
