Description

Type

Course
Level

Advanced
Location

Utrecht (Netherlands)

Class hours

24h
Duration

3 Days
Start date

29/05/2024

The purpose of ISO 27005 (latest update) is to provide guidelines for Information Security Risk Management. ISO 27005 supports the general concepts specified in ISO 27001 and is designed to assist the satisfactory implementation of Information Security based on a Risk Management approach. ISO 27005 does not specify or recommend any specific risk analysis method, although it does specify a structured, systematic and rigorous process from analyzing risks to creating the risk treatment plan. The 3-day Certified ISO 27005 Risk Manager training offers you also knowledge of the concepts, models, processes and terminologies, described in ISO 27001 and ISO 27002, important for a complete understanding of the international ISO 27005 standard.

ISO 27005:2011

The ISO 27000 series is an international information security standard published by ISO (International Organization for Standardization). The ISO 27005 standard was published in June 2008. In 2011 a new version of ISO 27005 was released by ISO, ISO 27005:2011.

Risk Management is critical to good business governance!
The essential international ISO 27005 standard helps organisations with advice on the why, what and how of managing information security risks in support of their governance objectives.

In this intensive 3-day Certified Risk Manager training you develop the competence to master the basic risk management elements related to all assets of relevance for information security using the ISO 27005 standard as a reference framework.

Facilities

Utrecht (Netherlands)

See map

Start date

On request

Utrecht (Netherlands)

See map

Start date

29 May 2024Enrolment now open

About this course

Course objectives

- You will acquire the knowledge necessary for the implementation, management and maintenance of an ongoing Risk Management program.
- You will understand the concepts, approaches, standards, methods and techniques, allowing an effective management of risk according to ISO 27005.
- You will understand the relationship between the Information Security Management System (ISMS) (including Risk Management), the security controls and how to comply with the requirements of different stakeholders of your organization.
- How to interpret the requirements of ISO 27001 on Information Security Risk Management.
- How to acquire the competence to implement, maintain and manage an ongoing Information Security Risk Management program according to ISO 27005.
- You will acquire the competence to effectively advise organisations / your organization on the best practices in Information Security Risk Management.

Based on practical exercises and case studies, you acquire the necessary knowledge and skills to perform an optimal Information Security Risk Assessment and manage risks in time by being familiar with their lifecycle. You will learn the different methods of risk assessment used on the market e.g.: CRAMM, EBIOS, MEHARI, OCTAVE and Microsoft Security Risk Management Guide.

Who is it intended for?

ISO 27005 is an essential standard for those who want to manage their risks effectively and is, in particular, a must for those who want to comply with the popular Information Security Management systems standard ISO 27001. The international standard ISO 27005 is applicable to all types of organisations (e.g. commercial enterprises, government agencies, non profit organizations) that intend to manage the risks that could compromise their organisation's information security.

Requirements

There are no specific prerequisites for understanding the Risk Management programme and successfully pass the ISO 27005 Risk Manager exam.

Questions & Answers

Add your question

Our advisors and other users will be able to reply to you

Who would you like to address this question to?

All
Students
Centre

Fill in your details to get a reply

We will only publish your name and question

Reviews

Subjects

IT Security
Security
International
Risk Analysis
Governance
Risk Assessment
Communication Training
Monitoring
Management of Risk
Surveillance
IT risk
IT
Risk
Risk manager
ISO
IT Management
Risk Management
Management
Certified ISO 27005

Teachers and trainers (1)

International Management Forum IMF

publisher of distance learning courses and organizer

Course programme

DAY I Introduction, Risk Management program, risk identification and assessment according to ISO 27005

Concepts and definitions related to Risk Management
Risk Management standards, frameworks and methodologies
Implementation of an Information Security Risk Management program
Risk analysis (identification and estimation)

DAY II Risk evaluation, treatment, acceptance, communication and surveillance according to ISO 27005

Risk assessment
Risk treatment
Acceptance of Information Security Risks and Management of residual risks
Information Security Risk communication
Information Security Risk monitoring and review

DAY III Introduction to methods of risk assessment

Introduction to CRAMM (CCTA Risk Analysis and Management Method)
Introduction to MEHARI (MEthode Harmonise d'Analyse de RIsques)
Introduction to OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation)
Introduction to Microsoft Security Risk Management
ISO 27005 Certified Risk Manager exam

See related categories

Contact us

Risk Management: Certified ISO 27005 Risk Manager

Questions & Answers

Reviews

Subjects

Course programme

Add similar courses
and compare them to help you choose.

Risk Management: Certified ISO 27005 Risk Manager

Questions & Answers

Reviews

Subjects

Course programme

Add similar coursesand compare them to help you choose.

Add similar courses
and compare them to help you choose.