ISO/IEC 27005. Information security risk management.
What you'll learn
- The framework for managing information security risks proposed by the International Organization for Standardization (ISO)
- Assets, threats, vulnerabilities and the relationship between them
- Methodologies for the information security risk analysis
- Risk treatment options
Requirements
- Familiarity with ISO standards is helpful
- Familiarity with the concepts of information security management
Description
This course details the guidelines of ISO/IEC 27005:2018 for information security risk management.
The first part of the course includes generic information about information security management in the context of the ISO/IEC 27000 series of international standards, risk management according to ISO 31000 and information security risk management as per ISO/IEC 27005.
A generic presentation of ISO/IEC 27005 follows, including its relationship with ISO/IEC 27001 and its purpose in the context of an ISMS (Information security risk management system).
The next part of the course is dedicated to the context of the risk management process - covering the scope of risk management, the purpose and the constraints that may affect this process. We will also discuss about the organization for information security risk management.
The following videos are dedicated to the risk assessment part, beginning with the identification and the valuation of assets, the identification of threats and vulnerabilities. Examples of threats and vulnerabilities are provided along the way to facilitate the understanding of the concepts.
The qualitative and quantitative methodologies for risk analysis are presented with examples and followed by a detailed presentation of the risk evaluation step.
Risk treatment is the next part of the course, with a presentation of the options available for treating a risk - avoidance, modification, sharing and retention. Again, the concepts are accompanied by examples to make them easy to understand. We will also discuss in this part of the course about the decision to accept risks and the conditions for that.
The final part is about risk communication and consultation and about the need to monitor and review continually the risk management process in order to ensure that it remains relevant and appropriate.
Who this course is for:
- Information security officers
- Information security risk managers and analysts
- ISO enthusiasts
- Information security auditors and consultants
Course content
- Preview03:53
- 05:37Information security management
- Preview04:00
- Preview04:50
- 04:30Risk management
Instructor
![Cristian Lupa](data:image/svg+xml,%3Csvg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 64 64"%3E%3C/svg%3E){kind=avatar}
- 4.4 Instructor Rating
- 22,956 Reviews
- 53,975 Students
- 17 Courses
Cristian is an experienced auditor, consultant and trainer who has been working in conformity evaluation for more than 15 years,
Passionate about standards and how their use can help organizations improve, Cristian has been involved in more than 500 audits in different European countries as well as numerous consulting projects on different standards.
A certified auditor and risk assessor, Cristian is today the managing director of RIGCERT - accredited certification body operating in Europe.