GOAL

The ISO 27005 Risk Manager certification course covers the ISO 27005 standard and information security risk management in general. This training allows you to carry out a risk management process from start to finish and manage your life cycle.

In particular, the objectives of the training are :

• Learn how to implement ISO 27005 and other methods in all circumstances.
• Describe the risk management process and its life cycle.
• Give the trainee the means to manage and carry out a risk assessment.
• Communicate resources and available tools to achieve optimal risk assessment.
• Prepare the learner for the examination at the end of the session.

PRE-REQUISITE

To attend this training, it is recommended to possess knowledge in computer science.

DURATION

3 days (21 hours) divided into 2.5 days during which practical cases, exercises and case studies are presented. 0.5 day for the exam.)

HOURS

2 first days from 9:30 am to 12 pm and from 1:30 pm to 5:30 pm (or 6 pm at the latest) The last day (beginning between 1:30 pm and 2 pm and ending between 4 pm and 4:30 pm)

TARGETED AUDIENCE

The "ISO 27005 Risk Manager" training course is intended for anyone wishing to master ISO 27005 or ISO 27005 certification. This training course is intended for anyone who needs to carry out an assessment of IT risks, in particular concerning IT security risks. This training is perfectly part of a process of implementation of ISO 27001. This training is ideally suited to CISO and SSI consultants.

PEDAGOGICAL METHOD

The pedagogical approach is based on the following five points :

• Lectures based on the ISO 27005 standard, references to ISO 27001 can be made;
• Good use of standards and methods (ISO 27002, EBIOS and MEHARI risk analysis methods, etc.)
• Construction of a risk assessment table that can be used from an Excel spreadsheet.
• Examples and case studies from real cases.
• Individual or group exercises.