With the increasing number of internal and external information security threats, organizations recognize the importance of adopting a formal risk management programme. Without a mechanism to identify, analyse and manage information security risks, it’s difficult for organizations to prioritize their security remediation efforts and resource allocation and associated costs. This leaves organizations more susceptible to security breaches, which can lead to financial and reputational damage.
Building on the concepts and framework specified in ISO/IEC 27001, ISO/IEC 27005 (updated by BS 7799-3:2017) provides guidelines for adopting an information security risk management approach that is appropriate to all organizations.
This course aims to provide you with clear and practical guidance on the framework and steps involved to identify, analyse and manage information security risks. It will help you to review your existing risk treatments and controls, and ensure they are appropriate to manage and reduce the identified risks . This will give you the confidence to get the most effective allocation of resources in place to address information security issues for your organization.
Who should attend?
Anyone who wants to learn about:
- Identifying and analysing information security risks
- How risks can be evaluated
- What treatments, controls and measures can be implemented in order to mitigate risks
- Ongoing governance and risk monitoring processes
The course is applicable to individuals from any size or type of organization who are currently involved in (or will be in the future) planning, implementing, maintaining, supervising or assessing information security, as part of an ISO/IEC 27001 ISMS.
Prerequisites:
You should have a basic knowledge of ISO/IEC 27001:2013 and ISO/IEC 27002:2013, as well as an understanding of the key principles of an ISMS. We also recommend that you have an awareness of generic risk assessments and basic understanding of information security principles and terminology. Some delegates on this course will have already attended our Information Security Management System (ISMS) Requirements of ISO 27001:2013 or Information Security Management System (ISMS) Implementing ISO/IEC 27001:2013 course.
We also recommend delegates have an understanding of the risk assessment approach currently employed in their organizations, should one exist.
Delegates will be able to:
-
Explain concepts specific to information risk management including terms and definitions
-
Recognize typical information security risks faced by organizations
-
Recognize typical information security risk management concerns
-
Communicate ISO/IEC 27005:2011 (updated by BS 7799-3:2017) introduction, background, purpose, scope and structure
-
Explain how ISO/IEC 27005:2011 (updated by BS 7799-3:2017) integrates and interfaces with other standards such as ISO/IEC 27001:2013
-
Implement the topics covered in ISO/IEC 27005:2011 (updated by BS 7799-3:2017) within your organization
-
Determine the value of the information assets under your control
-
Evaluate threats to information assets
-
Identify, analyse and evaluate information security risks
- Prioritise and choose appropriate risk treatments
Practical information
- It's a 2-day course
- The training can be given in Dutch or English
- The training materials will be provided in English
- The standard ISO 27005:2011 isn’t into the training price included. However, during the training course, a loan copy of the standard will be available.
- Lunch and drinks are included.
For further information regarding reduced rates at the hotel where the training is being conducted, please contact training.nl@bsigroup.com or call +31-(0)20 346 07 80.
In-house training courses
We can deliver this training course to your team in-house. Training in-house allows you to save on each individual delegate and also cut out travel and accommodation expenses, which can be significant.With our in-house training, not only can you meet your business needs, but you can also:
- Refresh your team’s skills and boost their confidence
- Give your team an overview of your management system(s)
- Train a group of auditors to the same level, using the same consistent techniques
For more information about the in-house training or to request a quote, please contact Training via +31 (0)20 346 0780 or send an email to training.nl@bsigroup.com
