The purpose of the Information Security Risk Management training course is to present the guidelines of ISO/IEC 27005, so that participants learn to use them as the foundation for information security risk management within their organization and are able to identify, evaluate and control those risks.


Objectives

  • To explain the purpose of Risk Management and the processes used to evaluate and manage risks in the implementation and operation of an ISMS.
  • To understand the ISO 27005 standard as the guidelines and standard for information security risk management
  • To understand ISO 27005 terms and definitions
  • To provide a supporting guide for the implementation of ISO/IEC 270015 requirements regarding risk management processes
  • To understand the risk assessment and analysis processes
  • To provide guidelines for decision making based on the risk analysis

Audience

This course is aimed at:

  • Professionals who wish to improve the performance of their Information Security Management System.
  • Professionals who wish to implement, or are currently implementing, an Information Security Risk Management process within their organization.
  • People who need to know and understand management techniques and risk assessment in information security matters.
  • People who need to know and understand management criteria, risks and risk assessment in information security matters.

Prerequisites

It is recommended that the participant has obtained the Information Security Foundation based on ISO/IEC 27002 certificate, but it is not mandatory if he/she has knowledge of ISO/IEC 27002.


Characteristics

The course has the following characteristics:

  • It is structured in thematic units, each of which presents part of the theory followed by practical review and comprehension exercises.
  • The material used is in Spanish and English and includes theory, practical exercises and complementary information.
  • A certificate of attendance is issued.
  • It has a duration of 3 days.
  • It has a minimum capacity of 5 and a maximum of 25 participants.

Topics

The course has the following topics:

  • Information Security Risk Management Introduction
  • Information Security Risk Management Process
  • Information Security Risk Management Context Establishment
  • Information Security Risk Assessment
  • Information Security Risk Treatment
  • Information Security Risk Monitoring, Reviewing and Communication
  • Review and Evaluation

Advantages offered by Global Lynx

Our instructors are certified in different ITSM, ISO, Information Security and Risk Management disciplines and have extensive experience in:

  • The design and implementation of Information Security Management Systems in the private and public sectors.
  • The selection, implementation and configuration of tools and controls that support Information Security management and that have the most standing and recognition in the market.
  • First and second level audits for Information Security Management Systems.
  • Teaching various ITSM, ISO, Information Security and Risk Management courses in the academic and professional fields.

Participants receive high-quality didactic material in Spanish and English.