ISO/IEC 27005 Lead Risk Manager

Day 1 Introduction to ISO/IEC 27005 and information security risk management 

• Training course objectives and structure 
• Standards and regulatory frameworks 
• Fundamental concepts and principles of information security risk management 
• Information security risk management program 
• Context establishment

Day 2 Risk identification, analysis, evaluation, and treatment based on ISO/IEC 27005 

• Risk identification
• Risk analysis 
• Risk evaluation 
• Risk treatment

Day 3 Information security risk communication and consultation, recording and reporting, and monitoring and review 

• Information security risk communication and consultation 
• Information security risk recording and reporting 
• Information security risk monitoring and review

Day 4 Risk assessment methods 

• OCTAVE and MEHARI methodologies 
• EBIOS method
• NIST framework 
• CRAMM and TRA methods
• Closing of the training course

Day 5 Certification Exam