Dec 11, 2019 CERT.Global

Information Security Risk Management (ISO/IEC 27005:2018) for Leaders and Management (incorporating ISO 31000:2018 requirements)

Understand how to apply and integrate the information security risk management process (ISRM, ISO/IEC 27005) as part of the organization's overall business risk management (ISO 31000).

Introduction 

The risk management principles provided by ISO 31000 are the foundation of the "risk management approach" for ALL management systems, including ISO 9001, 13485, 14001, 20000, 22000, 22301, 27001, etc. Successful completion of this course is essential for implementing an effective management system.

To participate in this training course, the following prior knowledge is expected:

  1. Knowledge of management system compliance in accordance with ISO 19600
    • Process approach (Plan-Do-Check-Act)
    • Overall business compliance risk management (ISO 31000), including legal and legislative requirements, contractual obligations, standards, policies and procedures
    • Top management leadership, and the other roles and responsibilities that support the management system
    • Planning a management system: identifying the organizational and technical measures needed to manage the identified risks
    • Support required by the management system
    • Management system operation: monitoring, reporting and communicating
    • Performance evaluation of a management system: evaluation of objectives, internal audits, and management review
    • Continual improvement of the effectiveness of a management system
  2. Knowledge of information security management principles and concepts, including but not limited to:
    • Awareness of the need for information security;
    • The assignment of responsibility for information security;
    • Incorporating management commitment and the interests of stakeholders;
    • Enhancing societal values;
    • Using the results of risk assessments to determine appropriate controls to reach acceptable levels of risk;
    • Incorporating security as an essential element of information networks and systems;
    • The active prevention and detection of information security incidents;
    • Ensuring a comprehensive approach to information security management;
    • Continual reassessment of information security and making modifications as appropriate.

Who should attend?

This course is intended for those who will be involved in risk management in any organization.

Suggested job functions and their teams include:

  • Anyone involved in management system activities
  • Risk management and legal compliance staff
  • Corporate governance and top management
  • Consultants and auditors
  • Management system representatives
  • DPOs (data protection officers)

Learning objectives

  • Learn the main components of an ISMS, in particular the risk management requirements
  • Understand the risk management framework and process in accordance with ISO 31000
  • Learn information security risk management using ISO/IEC 27005 as the guideline

Course benefits

  • Improve competence in risk management
  • Understand the gap between the existing risk management practice and best practice according to ISO 31000

Course outline

Day 1, ISMS (ISO/IEC 27001) and business risk management considerations

  • Process approach, Plan-Do-Check-Act (PDCA) and ISMS key components
  • Overview of the ISMS implementation process
  • Documented information for the ISMS
  • Risk management approach in the ISMS
    • Understanding the organisation
    • Interested parties' requirements on information security
    • Information security in business continuity management (BCM)
    • Information security risk management requirements

Day 2, Business risk management (ISO 31000) and Information Security Risk Management (ISO/IEC 27005) 

  • Risk management framework according to business risk management (ISO 31000)
  • Risk management process and procedure according to ISO/IEC 27005
  • Risk management criteria
  • Information asset management process
  • Risk assessment process
    • Risk identification
    • Risk analysis
    • Risk evaluation

Day 3, Information Security Risk Management (ISO/IEC 27005) 

  • Risk treatment
    • Treatment options
    • Treatment plan(s)
  • Information security risk control objectives and controls
    • Process controls, e.g. policy, organizational, incident management
    • Personnel
    • Physical and environmental
    • Network and communications
    • IT systems and applications
    • Devices and media, e.g. mobile devices
    • Outsourcing and supplier relationships
    • Personal data and cryptography
  • Course summary / Q&A / Course exam

What's included?

  • Course materials
  • Course examination 
  • Course certificate

Organizational information

Venue: Public or in-house training
Time: 3 days, 09:00 ~ 18:00
Facilitator: Authorized tutor

Related items

ICT Business Continuity and Disaster Recovery Professional Training Course

Understand how to apply business continuity risk management principles (ISO 22301) to the organization's ICT business continuity and disaster recovery management.

Dec 11, 2019
Information Security Management Systems (ISMS, ISO/IEC 27001:2013) Implementer Training Course

Personal Data Protection, EU GDPR (and ePrivacy regulation), Trade Secret, Asset management, Information Security Risk Management, Incident and Problem, Access controls on environment, facilities, equipment, people, communication, networking, system, and application.

Dec 11, 2019
Information Security Management Systems (ISMS, ISO/IEC 27001:2013) Foundation Training Course

Personal Data Protection, EU GDPR (and ePrivacy regulation), Trade Secret, Asset management, Information Security Risk Management, Incident and Problem, Access controls on environment, facilities, equipment, people, communication, networking, system and application.

Dec 11, 2019
Information Security Management Systems (ISMS, ISO/IEC 27001:2013) Internal Auditor Training Course

To comply with ISO/IEC 27001, the organisation shall demonstrate its capability to conduct an effective internal audit, ensuring the management system fulfils legal (e.g. EU GDPR, DPA, IPRs), legislative, standards (e.g. ISO, IEC, IEEE), contractual (e.g. Trade Secret, IP), policy and procedure requirements.

Also covered is the competence to plan, operate and continually improve the management system in order to control the risks and achieve its expected outcomes.

Dec 11, 2019
Information Security Management Systems (ISMS, ISO/IEC 27001:2013) Lead Implementer Training Course

Personal Data Protection, EU GDPR (and ePrivacy regulation), Trade Secret, Asset management, Information Security Risk Management, Incident and Problem, Access controls on environment, facilities, equipment, people, communication, networking, system and application.

Dec 11, 2019
Risk Management (ISO 31000) on Information Security Management Training Course

Understand how to apply risk management principles (ISO 31000) to the organization's information security management.

Dec 11, 2019
Intelligent Network Malicious Attack Detection Service: CyberSecurity (ISO/IEC 27032) and Malicious Threat Detection Services

Helps enterprises detect malicious attacks and suspicious internal data exfiltration behaviour in real time, preventing malware from collecting data and sending it out of the organization.

Dec 11, 2019
Information Security Management Systems (ISMS, ISO/IEC 27001:2013) Auditor/Lead Auditor Training Course

(Registered Course Nr. PR320 / A17533)

Through management system audit and certification, the organization can demonstrate its compliance with legal (e.g. EU GDPR, DPA, IPRs), legislative, standards (e.g. ISO, IEC, IEEE), contractual (e.g. Trade Secret, IP), policy and procedure requirements.

Also covered is the competence to plan, operate and continually improve the management system in order to control the risks and achieve its expected outcomes.

Dec 11, 2019
