Risk Manager

Master the fundamental principles and concepts of Risk Assessment and Optimal Risk Management in Information Security based on ISO/IEC 27005

Who should attend?

  • Information Security risk managers and Information Security team members

  • Individuals responsible for Information Security, compliance, and risk within an organization

  • Individuals implementing ISO/IEC 27001, seeking to comply with ISO/IEC 27001, or involved in a risk management program

  • IT consultants

  • IT professionals

  • Information Security officers

  • Privacy officers

Course agenda

Day 1 | Introduction to ISO 27005, concepts and implementation of a risk management program

  • Course objectives and structure

  • Standard and regulatory framework

  • Concepts and definitions of risk

  • Implementing a risk management program

  • Context establishment

Day 2 | Risk identification, evaluation, and treatment as specified in ISO 27005

  • Risk Identification

  • Risk Analysis

  • Risk Evaluation

  • Risk Assessment with a quantitative method

  • Risk Treatment

Day 3 | Information Security Risk Acceptance, Communication, Consultation, Monitoring and Review

  • Information security risk acceptance

  • Information security risk communication and consultation

  • Information security risk monitoring and review

Day 4 | Risk Assessment Methodologies

  • OCTAVE Method

  • MEHARI Method

  • EBIOS Method

  • Harmonized Threat and Risk Assessment (TRA) Method

  • Applying for certification and closing the training

Day 5 | Certification Exam

Learning objectives

  • Understand the concepts, approaches, methods and techniques that enable an effective risk management process according to ISO/IEC 27005

  • Acknowledge the correlation between Information Security risk management and security controls

  • Learn how to interpret the requirements of ISO/IEC 27001 in Information Security Risk Management

  • Acquire the competence and skills to effectively advise organizations on Information Security Risk Management best practices

  • Acquire the knowledge necessary for the implementation, management and maintenance of an ongoing risk management program

Examination

The “PECB Certified ISO/IEC 27005 Lead Risk Manager” exam fully meets the requirements of the PECB Examination and Certification Programme (ECP). The exam covers the following competency domains:

Domain 1 | Fundamental principles and concepts of Information Security Risk Management

Domain 2 | Implementation of an Information Security Risk Management program

Domain 3 | Information security risk assessment

Domain 4 | Information security risk treatment

Domain 5 | Information security risk communication, monitoring and improvement

Domain 6 | Information security risk assessment methodologies

General information

  • Certification fees are included in the exam price.

  • Participants will be provided with the training material containing over 350 pages of explanatory information and practical examples.

  • An Attendance Record worth 31 CPD (Continuing Professional Development) credits will be issued to participants who have attended the training course.

  • Candidates who fail the exam can retake it free of charge within 12 months of the initial exam.

For additional information, please contact us at info@ciso-dpo.online.

Download Brochures [here].