Performing Effective
Information Security Risk Management
as per the ISO/IEC 27005:2011 ISRM Standard
Course Outline:
- Understanding of key risk management terminology.
- What is a countermeasure or control, and what is its role in defending against a threat?
- What is the CIA Triad from a controls perspective?
- Different categories of controls (preventive, detective, deterrent, etc.)
- Broader categories of controls (Administrative, Physical and Technical)
- Defense in depth concept
- Key information security risk management processes, including context establishment, risk assessment, risk treatment and monitoring/review.
- What is an asset and how is its value determined?
- Different approaches to Risk Analysis – Qualitative vs. Quantitative
- Different types of risk responses
- Determining the right control and factors to consider
- ‘Hands-on’ practical experience in carrying out an effective risk management program as defined by ISO/IEC 27005:2011.
Duration of Course:
- One full day
You Will Learn:
- Students will learn how to map an organization’s business requirements to implemented security controls.
- Students will learn the elements of risk assessment and the data necessary for performing an effective risk assessment.
- Students will learn about the different approaches to Risk Analysis – Qualitative vs. Quantitative.
- Students will learn what in-depth risk management models exist for implementing a deeper risk management program in their organization.