I. Overview:

The ISO/IEC 27005 Risk Manager training course enables participants to understand the process of developing, establishing, maintaining, and improving an information security risk management framework based on the guidelines of ISO/IEC 27005.

II. Duration: 03 days (24 hours)

III. Objectives:

Upon the successful completion of this training course, you will be able to:

• Explain the risk management concepts and principles outlined by ISO/IEC 27005 and ISO 31000
• Establish, maintain, and improve an information security risk management framework based on the guidelines of ISO/IEC 27005
• Apply information security risk management processes based on the guidelines of ISO/IEC 27005
• Plan and establish risk communication and consultation activities

IV. Intended Audience:

This training course is intended for:

• Managers or consultants involved in or responsible for information security in an organization
• Individuals responsible for managing information security risks
• Members of information security teams, IT professionals, and privacy officers
• Individuals responsible for maintaining conformity with the information security requirements of ISO/IEC 27001 in an organization
• Project managers, consultants, or expert advisers seeking to master the management of information security risks

V. Course outlines:

• Day 1: Introduction to ISO/IEC 27005 and risk management
• Day 2: Risk assessment, risk treatment, and risk communication and consultation based on ISO/IEC 27005
• Day 3: Risk recording and reporting, monitoring and review, and risk assessment methods