This course presents and compares the different existing frameworks in the industry related to IT risk management. It highlights the features and structure of each one, and suggests the integration of these frameworks and standards in order to manage risks in an IT organization.

By completing this course, the student will be able to decide which set of frameworks or standards is the most appropriate for his/her organization in order to manage IT risks correctly.


Objectives

Upon successful completion of this course, the participants will understand the differences between the Risk Management standards and frameworks available in the market, in order to decide which one is the most suitable for their organization:

  • “ISO/IEC 27005:2008” International standard
  • “ISO 31000:2009” International standard
  • “COBIT® 5” Framework
  • “ISO 22301:2012” International standard
  • “ISO/IEC 20000:2011” International standard and ITIL
  • “ITIL®” Framework

Audience

This course is aimed at:

  • People who need to understand the differences between ISO/IEC 27005, ISO/IEC 31000, ISO/IEC 20000, ISO 22301, COBIT 5 and ITIL and their approach to IT risk management.
  • Professionals who want to improve IT risk management.
  • People involved or playing a role in IT risk management who require a deeper understanding of the available standards and frameworks for managing risks.
  • People who want to learn IT Risk Assessment and Management techniques.

Prerequisites

There are no mandatory prerequisites; however, it is recommended that the participant holds the Information Security Foundation certificate based on ISO/IEC 27002.


Characteristics

The course has the following characteristics:

  • It is structured in thematic units, with a balance between theory and practice.
  • The courseware material includes theory, practical exercises, case studies and complementary content.
  • A certificate of course completion is delivered.
  • The length is 3 days.
  • It requires a minimum of 6 and allows a maximum of 25 participants.

Topics

The course has the following topics:

  • IT Risk General Perspective
  • IT Risk Management Foundations
  • ISO/IEC 27005:2008
  • ISO/IEC 31000:2009
  • The Risk IT Framework by ISACA
  • ISO 22301
  • ISO/IEC 20000:2011 and ITIL v3:2011
  • Synthesis for ITRM
  • Risk Evaluation Criteria
  • Review and Evaluation

Advantages offered by Global Lynx

Our instructors are certified in different Risk Management, Information Security, ISO/IEC and ITSM disciplines and have extensive experience in:

  • The design and implementation of Risk Management processes.
  • The design and development of Business Continuity Plans, Disaster Recovery Plans and Business Impact Analysis in public and/or private organizations.
  • The selection, implementation and configuration of tools and controls that support Business Continuity Management and Information Security.
  • The teaching of several Risk Management, Information Security, Business Continuity, ISO and ITSM training courses in the academic and the professional fields.

The participant receives a high-quality student handout.