Risk Management (ISO 31000) on Information Security Management Training Course
Understand how to apply the risk management principles of ISO 31000 to an organization's information security management.
Introduction
The risk management principles provided by ISO 31000 are the foundation of the "risk management approach" for ALL management systems, including ISO 9001, 13485, 14001, 20000, 22000, 22301, 27001, etc. Successful completion of this course is essential for implementing an effective management system.
To participate in this training course, the following prior knowledge is expected:
- Understanding of the concept of management systems in accordance with ISO 19600
  - Management system process (PDCA, Plan-Do-Check-Act)
  - Understanding the organisation
  - Leadership and commitment
  - Planning and risk management system requirements
  - Supporting the management system
  - Operating the management system
  - Performance evaluation
  - Continual improvement
- Information security management in accordance with ISO/IEC 27001
  - Information security risk management
  - Information security classification
  - Information security asset management
  - Information security controls
Who should attend?
This course is intended for those who will be involved in risk management in any organization. Suggested job functions and their teams include:
- Anyone involved in management system activities
- Risk management and legal compliance
- Corporate governance and top management
- Consultants and auditors
- Management system representatives
- DPO (data protection officer)
Learning objectives
- Learn the main components of an ISMS, with particular focus on the risk management requirements
- Understand the risk management framework and processes in accordance with ISO 31000
Course benefits
- Improve competence in risk management
- Understand the gap between existing risk management practice and best practice according to ISO 31000
Course outline
Day 1, ISMS (ISO/IEC 27001) and risk management considerations
- Process approach, Plan-Do-Check-Act (PDCA) and ISMS key components
- Overview of the ISMS implementation process
- Documented information for the ISMS
- Risk management approach in the ISMS
  - Understanding the organisation
  - Business continuity management
  - Information security risk management requirements
- Information security management considerations
  - Projects
  - Mobile devices
  - Outsourcing and supplier relationships
  - Personal data and privacy
  - Cyber-attack and defence
Day 2, Risk management principles in accordance with ISO 31000
- Risk management framework
- Risk management process and procedure
- Risk assessment
  - Risk identification
  - Risk analysis
  - Risk evaluation
- Risk treatment
  - Treatment options
  - Treatment plan(s)
- Course summary / Q&A / Course exam
What's included?
- Course material and media
- Course examination
- Course certificate
Organizational information
- Delegates should note that there is evening work during the course
- The minimum number of participants for this class is 4 and the maximum is 20. If there are fewer than 4 students, the course will be postponed.
- This course is facilitated by the TKSG online learning management system (LMS). Participants should be able to use their own PC, laptop or suitable mobile device to access the LMS.
- This course is run in collaboration with the CQI/IRCA Approved Training Partner, Hermes Infotech Inc.