ISO/IEC 27005:2022 Lead Risk Manager

Audience
The course is aimed at people who are responsible for, or want to be given responsibility for, risk management in relation to information security in an organization. It is suitable for risk managers, security officers, ISMS/security team members, compliance officers, IT and security consultants, data protection/privacy officers, project managers in charge of security, and advisors who want to develop, maintain or improve their organization's information security risk management program.

Learning objectives
Participants will gain in-depth knowledge of principles, methods and best practices for risk management related to information security in accordance with the ISO/IEC 27005 standard. They will learn how to establish, maintain and continuously improve a risk management framework (ISRM). They should understand how to identify, analyse, assess and manage risks, as well as how to plan and organise risk communication, consultation, reporting, monitoring and review. They should also become familiar with several methodologies for risk assessment and treatment (e.g. OCTAVE, EBIOS, MEHARI, harmonized TRA) and how risk management can be integrated with an ISMS in accordance with standards such as ISO/IEC 27001.

After completing the course you will be able to

• Explain key concepts, principles and processes for information security risk management based on ISO/IEC 27005
• Establish and maintain a risk management framework adapted to the context of the organization
• Identify, analyze, assess and manage information security risks
• Plan and implement risk communication, consultation, reporting, monitoring and auditing of the risk management process
• Use appropriate risk assessment and risk management methodologies
• Collaborate with stakeholders and contribute to continuous improvement of the risk management program