PECB ISO/IEC 27005 Risk Manager

• Information Security risk managers
• Information Security team members
• Individuals responsible for Information Security, compliance, and risk within an organization
• Individuals implementing ISO/IEC 27001, seeking to comply with ISO/IEC 27001 or involved in a risk management program
• IT consultants
• IT professionals
• Information Security officers
• Privacy officers

• Acknowledge the correlation between Information Security risk management and security controls
• Understand the concepts, approaches, methods and techniques that enable an effective risk management process according to ISO/IEC 27005
• Learn how to interpret the requirements of ISO/IEC 27001 in Information Security Risk Management
• Acquire the competence to effectively advise organizations in Information Security Risk Management best practices

• This training is based on both theory and best practices used in Information Security Risk Management
• Lecture sessions are illustrated with examples based on cases studies
• Practical exercises are based on a case study which includes role playing and discussions
• Practice tests are similar to the Certification Exam

Prerequisites

A fundamental understanding of ISO/IEC 27005 and comprehensive knowledge of Risk Assessment and Information Security.

Course agenda

• Day 1: Introduction to ISO/IEC 27005 and implementation of a risk management programme
• Day 2: Information security risk assessment, risk treatment and acceptance as specified in ISO/IEC 27005
• Day 3: Risk communication, consultation, monitoring, review and risk assessment methods