Description
Who should attend?
This training course is intended for:
- Managers or consultants involved in or responsible for information security in an organization
- Individuals responsible for managing information security risks, such as ISMS professionals and risk owners
- Members of information security teams, IT professionals, and privacy officers
- Individuals responsible for maintaining conformity with the information security requirements of ISO/IEC 27001 in an organization
- Project managers, consultants, or expert advisers seeking to master the management of information security risks
Learning objectives
By successfully completing this training course, you will be able to:
- Explain the risk management concepts and principles based on ISO/IEC 27005 and ISO 31000
- Establish, maintain, and continually improve an information security risk management framework based on the guidelines of ISO/IEC 27005 and best practices
- Apply information security risk management processes based on the guidelines of ISO/IEC 27005
- Plan and establish risk communication and consultation activities
- Record, report, monitor, and review the information security risk management process and framework
Educational approach
- The training course provides best practices of risk management that will help participants prepare for real-life situations.
- The training course contains essay-type exercises (some of which are based on a case study) and multiple-choice quizzes (some of which are scenario-based).
- Participants are encouraged to communicate and discuss with each other when completing stand-alone and scenario-based quizzes and exercises.
- The structure of the quizzes is similar to the certification exam.
Prerequisites
The main requirements for participating in this training course are having a fundamental understanding of ISO/IEC 27005 and comprehensive knowledge of risk management and information security.
