ISO/IEC 27005 Risk Manager - Information Security Risk Management
December 2, 2023
What is ISO/IEC 27005?
ISO/IEC 27005 provides guidelines for establishing a systematic approach to information security risk management that is necessary to identify organizational information security needs and to create an effective information security management system. In addition, this international standard supports ISO/IEC 27001 concepts and is designed to assist in the effective implementation of information security based on a risk management approach.
Why should you attend?
The ISO/IEC 27005 Risk Manager course will provide you with the skills to master the risk management processes related to all assets relevant to information security using ISO/IEC 27005 as a framework. During this training, you will also gain an in-depth understanding of best practices in risk assessment methodologies such as OCTAVE, EBIOS, MEHARI and the harmonized TRA. This training fits perfectly with the implementation process of the ISMS framework presented in the ISO/IEC 27001 standard.
After understanding all the necessary concepts of information security risk management based on ISO/IEC 27005, you can take the exam and apply for a “PECB Certified ISO/IEC 27005 Risk Manager” certification. By holding a PECB Risk Manager certificate, you will be able to demonstrate that you have the skills and knowledge to perform an optimal information security risk assessment and manage information security risks in a timely manner.
Who should attend?
Information security managers
Members of an information security team
Any individual responsible for information security, compliance and risk in an organization
Anyone implementing ISO/IEC 27001, wanting to comply with ISO/IEC 27001 or involved in a risk management program
Information Security Officers
Understand the relationship between information security risk management and security measures
Understand the concepts, approaches, methods and techniques for an effective risk management process that complies with ISO/IEC 27005
Interpret the requirements of ISO/IEC 27001 in the context of information security risk management
Acquire the skills to effectively advise organizations on best practices for information security risk management
This training is based on both theory and best practices used in information security risk management
The course sessions are illustrated by examples based on case studies
Practical exercises are based on a case study that includes role playing and discussions
Practice tests are similar to the certification exam
A basic understanding of ISO/IEC 27005 and a thorough knowledge of risk assessment and information security.
Day 1: Introduction to the ISO/IEC 27005 Risk Management Program
Day 2: Implementing an ISO/IEC 27005 compliant risk management process
Day 3: Overview of other information security risk assessment methods and certification exam