
Mastering the fundamental principles and concepts of Risk Assessment and Optimal Risk Management in Information Security based on ISO 27005:2018.

In this two-day intensive course, participants develop the competence to master the basic risk management elements related to all assets of relevance for information security, using the ISO 27005:2018 standard as a reference framework.

Through practical exercises and case studies, participants acquire the knowledge and skills needed to perform an optimal information security risk assessment and to manage risks in a timely manner through familiarity with their life cycle.

During this training, we will also present other risk assessment methods such as OCTAVE, EBIOS, MEHARI and Harmonized TRA. This training fits perfectly with the implementation process of the ISMS framework in the ISO 27001:2013 standard.

For more information, please visit PECB.

Learning objectives:

  • Acknowledge the correlation between Information Security risk management and security controls;
  • Understand the concepts, approaches, methods and techniques that enable an effective risk management process according to ISO 27005;
  • Learn how to interpret the requirements of ISO 27001 in Information Security Risk Management;
  • Acquire the competence to effectively advise organizations in Information Security Risk Management best practices.

Who should attend?

  • Information Security risk managers;
  • Information Security team members;
  • Individuals responsible for Information Security, compliance, and risk within an organization;
  • Individuals implementing ISO 27001, seeking to comply with ISO 27001 or involved in a risk management program;
  • IT consultants;
  • IT professionals;
  • Information Security officers;
  • Privacy officers.

  • Day 1:
    • Introduction, risk management program according to ISO 27005
      • Concepts and definitions related to risk management
      • Risk management standards, frameworks and methodologies
      • Implementation of an information security risk management program
      • Understanding an organization and its context
  • Day 2:
    • Risk identification and assessment, risk evaluation, treatment, acceptance, communication and surveillance according to ISO 27005
      • Risk identification
      • Risk analysis and risk evaluation
      • Risk assessment with a quantitative method
      • Risk treatment
      • Risk acceptance and residual risk management
      • Information Security Risk Communication and Consultation
      • Risk monitoring and review
    • Overview of other information security risk assessment methods and Certification Exam
      • Presentation of OCTAVE method
      • Presentation of MEHARI method
      • Presentation of EBIOS method
      • Presentation of Harmonized TRA method

This training is based on both theory and practice:

  • Sessions of lectures illustrated with examples based on real cases;
  • Practical exercises based on a full case study including role playing and oral presentations;
  • Review exercises to assist the exam preparation;
  • Practice test similar to the certification exam.

To benefit from the practical exercises, the number of training participants is limited.

  • The “ISO 27005 Risk Manager” exam fully meets the requirements of the PECB Exam Certification Programme (ECP). The exam covers the following competence domains:
    • Domain 1: Fundamental principles and concepts of Information Security Risk Management;
    • Domain 2: Implementation of an Information Security Risk Management program;
    • Domain 3: Information Security risk management framework and process based on ISO 27005;
    • Domain 4: Other Information Security risk assessment methods.
  • The “ISO 27005 Risk Manager” exam is available in different languages (trainers are fluent in English, French & Spanish);
  • The exam is available online; please refer to the PECB Exams User Manual;
  • Duration: 2 hours
  • For more information about the PECB Certified ISO 27005 exam and certification, refer to ISO 27005 Risk Manager Exam & Certification.

Duration: 2 Days

Exam: Included

Certification: Yes

Next Course

Oct 19
ISO 27005 Risk Manager
  • Location: Lausanne / Morges – Switzerland
  • Status: Scheduled
  • Language: French / English

“Theoretical training with practical application examples.”

UPCOMING COURSES

ISO 27005 Risk Manager
  • Date: 19-21.Oct.2020
  • Location: Lausanne / Morges, Switzerland
  • Status: Scheduled
  • Language: French / English

ISO 27005 Risk Manager
  • Date: 2-4.Nov.2020
  • Location: Paris, France
  • Status: Scheduled
  • Language: French

ISO 27005 Risk Manager
  • Date: 23-25.Nov.2020
  • Location: Lyon, France
  • Status: Scheduled
  • Language: French

ISO 27005 Risk Manager
  • Date: 30-2.Dec.2020
  • Location: Barcelona, Spain
  • Status: Scheduled
  • Language: English
