ISO 27005 Risk Manager
Details:
Admission
•This certification applies to all information security professionals.
• Admission after interview.
Knowledge validation
• Certifying exam by an external body.
Recommended prerequisites
• Chief Information Security Officers (CISOs).
• Members of an information security team.
• Anyone responsible for information security, compliance and risk within an organization.
• A foundational knowledge of the ISO/IEC 27005 standard and in-depth knowledge of risk assessment and information security
•IT security consultants.
Mandatory prerequisites
• Trainees purchase the ISO27000, ISO27001, ISO27002 and ISO27005 standards
•Bachelor's degree (BAC+2) or 2 years of professional experience in information security.
• IT skills
•Requires internet access and a laptop with a camera for the remote exam
•Requires installation on the trainee's computer of a connection platform such as Teams or Zoom.
Who can take the exam?
• Chief Information Security Officers (CISOs)
•Members of an information security team.
• Anyone responsible for information security, compliance and risk within an organization
•Anyone implementing ISO/IEC 27001, wishing to comply with the ISO/IEC 27001 standard, or involved in a risk assessment program
•IT security consultants.
Our objectives
• The "ISO/IEC 27005 Risk Manager" training will help you develop the skills to master the processes related to all assets relevant to information security, using the ISO/IEC 27005 standard as a reference framework.
• Have or acquire the skills to manage information security risks, and more specifically to implement the ISO 27005 standard, identify, analyze, assess, treat and manage security risks, and identify and evaluate risk treatment options.
•Have or acquire the skills to select security measures, approve residual risks, identify threats, vulnerabilities and impacts
•Communicate the resources and tools available to carry out an optimal risk assessment.
• Prepare for the exam at the end of the session.
Content:
01
Introduction to the standards
• The ISO 2700X series.
• The ISO 27005 standard.
• Other standards.
• Risk management vocabulary according to ISO 27005.
02
Interactive presentation of fundamental vocabulary and the empirical approach to risk management
• Identifying and valuing assets.
• Threats and vulnerabilities.
• Risk identification and formulation as scenarios.
• Risk assessment
•Likelihood and consequences of a risk.
• Risk evaluation.
• The different risk treatment options.
• Risk acceptance.
• The concept of residual risk.
03
The ISO 27005 standard
• Introduction to the ISO 27005 standard.
• Managing the risk management process.
• Project life cycle and continuous improvement (PDCA model).
• Establishing the context.
• Risk identification.
• Risk analysis.
• Risk evaluation.
• Risk treatment.
• Risk acceptance.
• Risk monitoring and review.
• Risk communication.
04
Exercises
Role-playing: case study;
• Carrying out a complete risk assessment.
• Group work.
• Simulated interview with a business process owner.
• Using a laptop to conduct the study.
• Oral presentation of results by each group.
• Review of the presented results.
05
A few recommendations
• Common mistakes: know them and guard against them.
• Risk management stakeholders.
• General recommendations.
• Examples of risk criteria scales.
• Exam preparation.
Additional information

€1,700 excl. VAT / 21 hours of training
This training can be scheduled based on demand.
You can contact the training organization to learn more: formation@adacis.net or +33 5 47 33 51 79
