Description de la formation
La formation ISO/CEI 27005 fournit les lignes directrices pour l’établissement d’une approche systématique de la gestion des risques liés à la sécurité de l’information.
Prochaines sessions
1 Formation disponible
Objectifs visés
- Explain the risk management concepts and principles based on ISO/IEC 27005 and ISO 31000
- Establish, maintain, and continually improve an information security risk management framework based on the guidelines of ISO/IEC 27005 and best practices
- Apply information security risk management processes based on the guidelines of ISO/IEC 27005
- Plan and establish risk communication and consultation activities
- Record, report, monitor, and review the information security risk management process and framework
Contenu
Day 1 Introduction to ISO/IEC 27005 and information security risk management
- Training course objectives and structure
- Standards and regulatory frameworks
- Fundamental concepts and principles of information security risk management
- Information security risk management program
- Context establishment
Day 2 Risk identification, analysis, evaluation, and treatment based on ISO/IEC 27005
- Risk identification
- Risk analysis
- Risk evaluation
- Risk treatment
Day 3 Information security risk communication and consultation, recording and reporting, and monitoring and review
- Information security risk communication and consultation
- Information security risk recording and reporting
- Information security risk monitoring and review
Day 4 Risk assessment methods
- OCTAVE and MEHARI methodologies
- EBIOS method
- NIST framework
- CRAMM and TRA methods
- Closing of the training course
Day 5 Certification Exam
Public Cible
- Managers or consultants involved in or responsible for information security in an organization
- Individuals responsible for managing information security risks, such as ISMS professionals and risk owners
- Members of information security teams, IT professionals, and privacy officers
- Individuals responsible for maintaining conformity with the information security requirements of ISO/IEC 27001 in an organization
- Project managers, consultants, or expert advisers seeking to master the management of information security risks
Cette formation vous intéresse ?
Les enjeux de la cybersécurité pour les entreprises
Mare Nostrum Advising Cert est la filiale formation de MNA Group, une société de conseil en cybersécurité. La société exerce trois activités principales : le conseil, l'audit et la formation en cybersécurité pour aider les entreprises à s'améliorer dans ce...
Apprenez-en plus sur l'organisme et découvrez toutes leurs formations