Who is this training for?
This training is intended for all managers and professionals who are involved, directly or indirectly, in improving the effectiveness of information security controls.
Training objectives
- Understand the principles of risk management for information security in companies
- Understand how to integrate risk management as part of an information security management system in accordance with ISO/IEC 27001:2013 in a company
- Be able to implement risk management mechanisms within the framework of your organization
Summary
This course allows you to deepen the concepts of risk management in an information security context and to understand how to integrate risk management as part of an information security management system compliant with ISO/IEC 27001:2013 in an enterprise.
Course outline
A look back at ISO/IEC 27001:2013
- ISO/IEC 27001 standard on information security
- Risk management principles.
Information Security Risk Management Process
- Setting the Context
- Information Security Risk Assessment
- Asset Identification, Valuation and Impact Assessment
- Typical Threats
- Vulnerabilities and Vulnerability Assessment Methods
- Information Security Risk Assessment Approaches
- Information Security Risk Handling
- Information Security Risk Acceptance
- Related Communications
- Monitoring and review of information security risks
Approach and methodology
This training is based on an alternation of theoretical learning and concrete examples. During this training, you will learn the application of commonly used tools to illustrate concepts and ensure their understanding. The preferred style of animation is based on: • The pooling of individual experiences. • Interactions between participants.
Prerequisites
ISO/IEC 27001:2013 - Awareness of the standard or equivalent content
Recommendations
Before the training, participants should familiarize themselves with the basics related to risks, such as threats, vulnerabilities and impacts. Prior knowledge of the general framework of an information security management system is also an asset for better integration of concepts.
