ISO 27005 Risk Manager
Objective
The certified “ISO 27005 Risk Manager” deals with the ISO 27005 and risk management of information security in general. This training allows you to conduct end to end process of risk management and manage its life cycle. In particular, the objectives of the training are:
- Learn how to implement the ISO 27005 standard and other methods in all circumstances.
- Describe the process of risk management and its life cycle.
- Empower the student to manage and conduct a risk assessment.
- Provide resources and tools available to achieve optimal risk assessment.
- Prepare learners to review at the end of session.
Training “ISO 27005 Risk Manager” for anyone wishing to master the ISO 27005 or getting ISO 27005 certification. This course is aimed at anyone who needs to perform a risk assessment information relating in particular to the security risk. This training fits perfectly in the context of a process of ISO 27001 implementation. This training is ideal for RSSI and consultants SSI.
Methodology
The teaching method is based on the following five points:
- Lecture based on the ISO 27005 standard, references to ISO 27001 can be made
- Good use of standards and methods available (ISO 27002, methods of risk analysis and EBIOS MEHARI, etc.)
- Construction of a risk assessment table exploitable from a spreadsheet such as Excel
- Examples and case studies drawn from real cases
- Exercises performed individually or in groups.
Trainer
- Our course is continuously improved by the members of CPUG, The Check Point User Group
- Unlike Check Point, were not trying to sell you anything. We just want you to get the best education possible.
- This course covers everything you need in just one week, while the official courses stretch it out to two weeks.
- Our classroom lab setup is far more sophisticated and robust than that used in the “official” courses.
Language
This training is held in French only.
PLAN
Introduction
- ISO 2700X series
- ISO 27005
- Others methodology
The vocabulary of risk management according to ISO 27005.
Interactive presentation of fundamental vocabulary and empirical approach to risk management with the active participation of trainees in a concrete example:
- Identification and valuation of assets
- Threats and Vulnerabilities
- Risk identification and formulation in the form of scenarios
- Risk assessment
- Likelihood and consequences of risk
- Risk Assessment
- The different treatment of risk
- Acceptance of risk
- The concept of residual risk
ISO 27005
- Introduction to ISO 27005
- Managing the process of risk management
- Project Life Cycle and Continuous Improvement (PDCA)
- Setting the Context
- Identification of risks
- Risk assessment
- Risk Assessment
- Risk Treatment
- Acceptance of risk
- Monitoring and review of risk
- Risk Communication
Exercices
Scenario: a case study
- Conducting a full risk assessment
- Group work
- Simulation of interview with a business process
- Provision of a laptop for the study
- Oral presentation of results for each group
- Review the results presented
Presentation of recommendations HSC:
- Common mistakes: to know and to guard against
- Actors risk management
- Tools
- General recommendation
- Preparation to the exam
The student should be comfortable in IT field.
This training is followed by an ISO27005 Risk Manager exam. A certificate of presence is sent to the student.
Duration: 3 Days
|