Course Outline
Day 1 Introduction to ISO/IEC 27005 and implementation of a risk management programme
- Course objectives and structure
- Standard and regulatory framework
- Concepts and definitions of risk
- Risk management programme
- Context establishment
Day 2 Information security risk assessment, risk treatment and acceptance as specified in ISO/IEC 27005
- Risk identification
- Risk analysis
- Risk evaluation
- Risk assessment with a quantitative method
- Risk treatment
- Information security risk acceptance
Day 3 Risk communication, consultation, monitoring, review and risk assessment methods
- OCTAVE method
- MEHARI method
- EBIOS method
- Harmonized Threat and Risk Assessment (TRA) method
- Applying for certification and closing the training
Requirements
A fundamental understanding of ISO/IEC 27005 and comprehensive knowledge of Risk Assessment and Information Security.
Testimonials (4)
The quizzes to reinforce the reading and the ability to ask questions at any time
Jonathan
Course - ISO 9001 Lead Auditor
Lap Qradar
Sutthikan Noisombat - NTT
Course - IBM Qradar SIEM: Beginner to Advanced
With both my 2022 ISO 9001 audit prep-related training & the recently completed ISO 9001 audit prep refresher course; Dereck has helped me significantly with regards to gaining a new & practical perspective of the ISO 9001:2015 clauses & sections & how they apply to our business. Dereck has also helped me with both training courses --- to improve my ISO-related communications both with our company's employees and the external ISO Auditors .
Dana Foster - Corrigan Oil Company
Course - ISO 9001 Foundation
I enjoyed the quizzes, and Driton's style of teaching.