ISO/IEC 27005 Certified Risk Manager 3 Dagen (21 Uur) / Examen inbegrepen

Course Objectives

Due to technological advances and the complexity of cyber-attacks, the demand for information security risk assessment and management professionals continues to grow. As such, the ISO/IEC 27005 Risk Manager certification has become the standard for best practice in information security risk assessment. By obtaining certification, you demonstrate a level of competence that adds value not only to your career, but also to your organization. It can help you stand out from the crowd and increase your earning potential.

This course teaches how to conduct an information security risk assessment by combining information from ISO/IEC 27005 and ISO/IEC 27001. In addition to theoretical knowledge, this course is equipped with practical exercises, quizzes, and case studies, making it a very engaging training course.

With its probing questions and exercises, this training course will inspire you to have a closer look at your organization. When focusing on risk management for a successful ISMS, you need to be very clear about what, how, when, why and who will be involved. The goal of this training course is to instill in you the curiosity that a good risk manager must have.

A the end of this training course, learners will be able to:

• Explain the risk management concepts and principles outlined by ISO/IEC 27005 and ISO 31000
• Establish, maintain, and improve an information security risk management framework based on the guidelines of ISO/IEC 27005
• Apply information security risk management processes based on the guidelines of ISO/IEC 27005
• Plan and establish risk communication and consultation activities

Course Agenda

Day 1 - Introduction to ISO/IEC 27005 and Risk Management

• Training course objectives and structure
• Standards and regulatory frameworks
• Fundamental concepts and principles of information security risk management
• Information security risk management program
• Context establishment

Day 2 - Risk assessment, risk treatment, and risk communication and consultation based on ISO/IEC 27005

• Risk identification
• Risk analysis
• Risk evaluation
• Risk treatment
• Information security risk communication and consultation

Day 3 - Risk recording and reporting, monitoring and review, risk assessment methods and certification exam

• Information security risk recording and reporting
• Information security risk monitoring and review
• OCTAVE and MEHARI methodologies
• EBIOS method and NIST framework
• CRAMM and TRA methods
• Taking your certification exam
• Closing of the training course

Who should attend?

This course is intended for:

• Managers or consultants involved in or responsible for information security in an organization;
• Professionals who are responsible for the management of information security risks;
• Members of information security teams, IT teams and privacy offices;
• Persons responsible for the maintenance of an organization's compliance with the information security requirements of ISO/IEC 27001 and 27005;
• Project managers, consultants and advisors who want to become proficient in the management of information security risks.

About the Examination

The "PECB Certified ISO/IEC 27005 Risk Manager" exam meets all the requirements of the PECB Examination and Certification Program (ECP). It covers the following competence domains:

• Domain 1 - Fundamental principles and concepts of information security risk management
• Domain 2 - Implementation of an information security risk management program
• Domain 3 - Information security risk management framework and processes base on ISO/IEC 27005
• Domain 4 - Other information security risk assessment methods

Practical details: