
Data and Information are assets for the organization, especially critical data or information. To maintain the data or information integrity, they need to be protected from unauthorized access, cyberattackers, or other unauthorized users. In this lecture, students will learn the concepts of "Information Security" which ensures that critical information, systems, and resources are protected and not compromised.
In this lecture, we shall discuss about the key objectives and purpose of protecting the information asset and resources.
IS Security/ Cybersecurity risk is one of the types of Operational Risk, and Operational Risk is one of the categories of overall Enterprise Risks that organizations face and manage. Operational risk involves the "failure of systems and processes", therefore, cybersecurity/ information system risks are categorized as Operational Risks for the organizations, because they may cause loss of information systems or may cause compromise of a process.
In this lecture, we shall discuss the broader risks, including Operational Risk, which organizations face and manage. The purpose of this lecture is to have knowledge of other risks which organizations face.
IS Security/ Cybersecurity risk is one of the types of Operational Risk, and Operational Risk is one of the categories of overall Enterprise Risks that organizations face and manage. Operational risk means the "failure of systems and processes", therefore, cybersecurity/ information system risks are categorized as Operational Risks for the organizations, because they may cause loss of information systems or may cause compromise of a process.
In this lecture we shall discuss the information security risks, which if occur, cause the loss of information or compromise of information system.
Information is an asset for organizations, and it must be managed and protected from possible unauthorized data or information access or possible cyberattacks. Organizations manage the risks of information or data loss, through the application of information security controls.
We shall discuss the overview of the Data Governance and Controls to Protect Information, Systems, & Infrastructure.
You will learn about the broader reasons, why organizations perform Information Security Risk Assessment.
We shall discuss the Information System Access controls which are defined and implemented by an organization to protect unauthorized data access or data manipulation.
Do you know why is it critical for companies and institutions to manage "Critical Information" and associated "Information Security Risks"?
Do you know what happens when IS Security Risks incident occurs? What are the consequences and risks involved?
Do you know how companies and IS Consultants, practically perform IS risk assessment to manage and maintain Information Security Infrastructure?
What ISO/IEC 27001:2013 ISMS standard prescribes for IS Security Risk Assessment and Treatments?
All these questions will be answered through a practical course, where standards' requirements are linked with real-world examples, risk assessment models, and techniques.
ISO 27001 is the internationally recognized specification for Information Security Management System (ISMS) and is the most popular standard for Information Security. It serves as an IT Governance framework for organizations and businesses to enable the development and implementation of ISO 45001-prescribed controls to secure information assets.
COURSE OVERVIEW
In this course, you will get an insight into how companies and institutions perform Information Security IS Risk Assessment and manage or treat IS Risks, Threats, and Vulnerabilities. This course will give you conceptual and practical knowledge about IS Security Risk Assessment and Management as per ISO 27001.
COURSE TOPICS
Understanding ISO 27001 ISMS Risk Assessment
Understanding Information Security, Protection, and ISO 27001 Principles
Key Objectives of Information Security and Protection
Networks, Information, and Data Availability
Information Asset Matrix and CIA Triad
Understanding Risk, Activity or Event, and Adverse Impact or Outcome
Different Categories of Risks Faced by Institutions and Organizations
Understanding Information Security Risks and Possible Adverse Impacts
Understanding Cybersecurity Risk
Information Asset, Data Governance and ISO 27001 Protection Controls
Information Security IS Risk Assessment and Purpose of IS Risk Assessment
Risk Assessment with Quantitative Calculation
Risk Assessment - Assets Based Approach ABA - Risks Threats and Vulnerabilities
Overview of Threat, Vulnerability, Consequences and Mitigation Plan
Risk Assessment - Understanding High, Medium and Low Risk Levels
Risk Matrix /methodology - 5 by 5 Risk Assessment Matrix
Understanding When to Use a Risk Assessment Matrix
Application of Risk Assessment Matrix for Risk Rating Calculation
Rigorous Risk Cases and Risk Assessment Analysis
Example - Preparing Risk Register after Risk Assessment Calculations - Cybersecurity Risk as an Example
Risk Treatment Options
Implementing Controls - Preventive, Detective and Corrective Controls
Information System Defense Controls
ISO 27001 - Risk Mitigation Strategy and Controls
Multiple Choice Questions MCQs are also part of this course
You will be able to "prepare Asset Risk, Impact and Likelihood Matrix", "perform Risk Assessment using Methodology", "prepare Vulnerability and Threat Matrix", "perform Risk and Financial Impact Pyramid Analysis", "apply Treatment Options", "understand Controls Categories" etc. as per ISO 27001 - Information Security Management System.
To test your knowledge, the MCQs test is also part of this course
Other Benefits?
After attending this course you will be able to:
- apply concepts in your IS Security job
- communicate with IS Security and IS Audit professionals
- apply for jobs in organizations where ISO 27001 ISMS is implemented or to be implemented
- pursue a career progression in IS Security domain
- get the certificate of course completion etc.
Who is this course for:
Information System IS Security, IS Audit, IT Professionals and Students
IS Security Consultants
Risk Management Professionals and Students
Internal Audit Professionals and Students
Finance Professionals and Students
CISA, CISM students
Compliance professionals
Anyone who wants to learn the ISO 27001 standard's requirements for Information Security