ISO/IEC 27005 Introduction
Introduction to ISO 27005 (1 Day)
Learning the best practices in risk management based on ISO 27005
Summary
This one day course allows participants to familiarize themselves with the fundamentals of risk management related to information security using the standard ISO/IEC 27005:2011 as a reference framework. Participants will see different parts of a risk management program and the implementation stages of an optimal risk assessment. It should be noted that this course fits perfectly into the framework of a process of implementation of ISO 27001.
Who should attend?
IT professionals wishing to obtain a comprehensive understanding of risk management within an organization
Staff implementing or seeking to comply with ISO 27001 or involved in a risk management program
Member of the information security team
Learning objectives
To understand the basics of the implementation, management and maintenance of an ongoing risk management program
To introduce the concepts, approaches, standards, methods and techniques allowing an effective management of risk
To interpret the requirements of ISO 27001 on information security risk management
To understand the relationship between the information security risk management, the security controls and the compliance with the requirements of different stakeholders of an organization
Course Agenda
Concepts and definitions related to risk management
Standards, frameworks and methodologies in risk management
Implement a risk management program
Risk identification and risk analysis
Risk evaluation and risk treatment
Acceptance of risk and management of residual risks
Communicating, monitoring and controlling risk
Prerequisites
None
Exam and certification
Not applicable
General information
A student manual containing over 100 pages of information and practical examples are given to participants
A participation certificate of 7 CPD (Continuing Professional Development) credits is awarded to participants
|
