Mastering the fundamental principles and concepts of Risk Assessment and Optimal Risk Management in Information Security based on ISO 27005:2018.
In this two-day intensive course, participants develop the competence to master the basic risk management elements related to all assets relevant to information security, using the ISO 27005:2018 standard as a reference framework.
Through practical exercises and case studies, participants acquire the knowledge and skills needed to perform an optimal information security risk assessment and to manage risks in a timely manner by being familiar with their life cycle.
During this training, we will also present other risk assessment methods such as OCTAVE, EBIOS, MEHARI and Harmonized TRA. This training fits perfectly with the implementation process of the ISMS framework in the ISO 27001:2013 standard.
For more information, please visit PECB.
Learning objectives:
- Acknowledge the correlation between Information Security risk management and security controls;
- Understand the concepts, approaches, methods and techniques that enable an effective risk management process according to ISO 27005;
- Learn how to interpret the requirements of ISO 27001 in Information Security Risk Management;
- Acquire the competence to effectively advise organizations in Information Security Risk Management best practices.
Who should attend?
- Information Security risk managers;
- Information Security team members;
- Individuals responsible for Information Security, compliance, and risk within an organization;
- Individuals implementing ISO 27001, seeking to comply with ISO 27001 or involved in a risk management program;
- IT consultants;
- IT professionals;
- Information Security officers;
- Privacy officers.
- Day 1:
- Introduction to ISO/IEC 27005 and implementation of a risk management programme
- Course objectives and structure
- Standard and regulatory framework
- Concepts and definitions of risk
- Risk management programme
- Context establishment
- Day 2:
- Information security risk assessment, risk treatment and acceptance as specified in ISO/IEC 27005
- Risk identification
- Risk analysis
- Risk evaluation
- Risk assessment with a quantitative method
- Risk treatment
- Information security risk acceptance
- Day 3:
- Risk communication, consultation, monitoring, review and risk assessment methods
- OCTAVE method
- MEHARI method
- EBIOS method
- Harmonized Threat and Risk Assessment (TRA) method
- Applying for certification and closing the training
This training is based on both theory and practice:
- Sessions of lectures illustrated with examples based on real cases;
- Practical exercises based on a full case study including role playing and oral presentations;
- Review exercises to assist the exam preparation;
- Practice test similar to the certification exam.
To benefit from the practical exercises, the number of training participants is limited.
- The “ISO 27005 Risk Manager” exam fully meets the requirements of the PECB Exam Certification Programme (ECP). The exam covers the following competence domains:
- Domain 1: Fundamental principles and concepts of Information Security Risk Management;
- Domain 2: Implementation of an Information Security Risk Management program;
- Domain 3: Information Security risk management framework and process based on ISO 27005;
- Domain 4: Other Information Security risk assessment methods.
- The “ISO 27005 Risk Manager” exam is available in different languages (trainers are fluent in English, French & Spanish);
- The exam is available online; please refer to the PECB Exams User Manual;
- Duration: 2 hours
- For more information about the PECB Certified ISO 27005 exam and certification, refer to ISO 27005 Risk Manager Exam & Certification.
Duration: 3 Days
Exam: Included
Certification: Yes
Next Course
- Location: Lyon – France
- Status: Scheduled
- Language: French
"Theoretical training with examples of practical application."