ISO 108 - ISO 27005 Information Security Risk Management
Code | Start Date | Duration | Venue | Registration |
---|---|---|---|---|
ISO 108 | 21 October 2024 | 5 Days | Istanbul | Registration Form Link |
ISO 108 | 25 November 2024 | 5 Days | Istanbul | Registration Form Link |
ISO 108 | 30 December 2024 | 5 Days | Istanbul | Registration Form Link |
Course Description
Risk assessment and management provide the foundation for internal controls management, as well as for business continuity and disaster recovery management. ISO 27005 provides guidelines for information security risk management. It supports the general concepts specified in ISO 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach. In this course, participants develop the competence to master the basic risk management elements related to all assets of relevance for information security, using the ISO 27005 standard as a reference framework.
Course Objectives
- Understanding the concepts, approaches, methods and techniques that allow effective management of risk according to ISO 27005
- Interpreting the requirements of ISO 27001 on information security risk management
- Understanding the relationship between information security risk management, the security controls and compliance with the requirements of an organization's different stakeholders
- Acquiring the competence to effectively advise organizations on the best practices in information security risk management
Who Should Attend?
- Managers
- Persons responsible for information security or conformity within an organization
- Members of the information security team
- IT consultants
- Staff of organizations implementing or seeking to comply with ISO 27001, or involved in a risk management program
Course Details/Schedule
Day 1
- Why ISO 27005?
- Scope of ISO 27005
- Concepts and definitions related to risk management
- Risk management standards, frameworks and methodologies
- Implementation of an information security risk management program
Day 2
- Understanding an organization and its context
- ISMS overview
- Major differences in ISMS approaches
- Recommended approach
- Points to consider
Day 3
- Introduction to the landscape of risk
- Asset landscape
- Threat landscape
- Controls landscape
- Loss (impact) landscape
- Vulnerability landscape
Day 4
- What information is necessary for risk analysis?
- Define the context for information risk management
- Risk identification and risk analysis
- Introduction to risk assessment methodologies
- Risk assessment with a quantitative method
Day 5
- Determine the appropriate information risk treatment plan
- Develop an information security risk communication plan
- Describe the information security risk monitoring and review plan
- Acceptance of information security risks and management of residual risks