ISO 27005 and Risk Management Training

Certified ISO 27005 Risk Manager (2 Days)

This course enables participants to develop the competence to master the basic Risk Management elements related to all the assets of relevance for Information Security using the ISO/IEC 27005 standard as a reference framework. Based on practical exercises and case studies, participants acquire the necessary knowledge and skills to perform an optimal Information Security Risk Assessment and manage risks in time by being familiar with their life cycle. This training fits perfectly in the framework of an ISO/IEC 27001 standard implementation process.

Certified ISO 31000 Risk Manager (2 Days)

In this two-day intensive course participants develop the competence to master a model for implementing risk management processes throughout their organization using the ISO 31000:2009 standard as a reference framework. Based on practical exercises, participants acquire the necessary knowledge and skills to perform an optimal risk assessment and manage risks in time by being familiar with their life cycle. During this training, we will present the ISO 31000 general risk management standard, the process model it recommends, and how companies may use the standard

Certified ISO 27005 Risk Manager and IEC/ISO 31010 Risk Assessment Methodologies (3 Days)

In this three-day intensive course, the participants develop the competence to master the basic risk management elements related to all assets of relevance for information security using the ISO/IEC 27005:2011 and IEC/ISO 31010:2009 standards as a reference framework. Based on practical exercises and case studies, participants acquire the necessary knowledge and skills to perform an optimal information security risk assessment and manage risks in time by being familiar with their life cycle. This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.

Certified ISO 31000 Risk Manager and IEC/ISO 31010 Risk Assessment Methodologies (3 Days)

In this three-day intensive course, the participants develop the competence to master a model for implementing risk management processes throughout their organization using the ISO 31000:2009 and IEC/ISO 31010:2009 standards as a reference framework. Based on practical exercises, participants acquire the necessary knowledge and skills to perform an optimal risk assessment and manage risks in time by being familiar with their life cycle. During this training, we will present the ISO 31000 general risk management standard, the process model it recommends, and how companies may use the standard and its companion risk assessment tools document, IEC/ISO 31010.

Risk assessment with the OCTAVE method (3 Days)

In this three-day intensive course, the participants develop the competence to master the basic risk management elements related to all assets of relevance for information security using the OCTAVE method (including OCTAVE-S and OCTAVE Allegro). The OCTAVE method (Operationally Critical Threat, Asset, and Vulnerability Evaluation) was developed by CERT (Computer Emergency Response Team). Based on practical exercises and case studies, participants acquire the knowledge and skills needed to perform an optimal information security risk assessment and manage risks in time by being familiar with their life cycle. This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.

Introduction to the OCTAVE method (1 Day)

This training teaches the stages of conducting a risk assessment with the OCTAVE method. The OCTAVE method (Operationally Critical Threat, Asset, and Vulnerability Evaluation) was developed by CERT (Computer Emergency Response Team). This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.

Risk assessment with the EBIOS method (3 Days)

In this three-day intensive course, the participants develop the competence to master the basic risk management elements related to all assets of relevance for information security using the EBIOS method. The EBIOS method (Expression des Besoins et Identification des Objectifs de Sécurité) was developed by ANSSI in France. Based on practical exercises and case studies, participants acquire the knowledge and skills needed to perform an optimal information security risk assessment and manage risks in time by being familiar with their life cycle. This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.

Introduction to the EBIOS method (1 Day)

This training teaches the stages of conducting a risk assessment with the EBIOS method. The EBIOS method (Expression des Besoins et Identification des Objectifs de Sécurité: Expression of Needs and Identification of Security Objectives) was developed by ANSSI in France. This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.

Risk assessment with the MEHARI method (3 Days)

This training enables the participants to master the basic risk management elements related to information security using the MEHARI method. The MEHARI (MEthode HArmonisée d'Analyse de RIsques) method was developed by the “Club de la Sécurité des Systèmes d’Information Français” (CLUSIF). Based on practical exercises and case studies, participants acquire the knowledge and skills needed to perform an optimal information security risk assessment and manage risks in time by being familiar with their life cycle. This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.

Introduction to the MEHARI method (1 Day)

This training teaches the stages of conducting a risk assessment with the MEHARI method. The MEHARI (MEthode HArmonisée d'Analyse de RIsques) method was developed by the “Club de la Sécurité des Systèmes d’Information Français” (CLUSIF). Based on practical exercises and case studies, the participant will be able to perform an optimal risk evaluation and manage risks in time by being familiar with their life cycle. This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.

Introduction to ISO 27005 (1 Day)

This one-day course familiarizes participants with the fundamentals of risk management related to information security using the ISO/IEC 27005:2011 standard as a reference framework. Participants will see the different parts of a risk management program and the implementation stages of an optimal risk assessment. This course fits perfectly into the framework of an ISO 27001 implementation process.

Introduction to ISO 31000 (1 Day)

This one-day course familiarizes participants with the fundamentals of risk management using the ISO 31000:2009 standard as a reference framework. Participants will see the different parts of a risk management program and the implementation stages of an optimal risk assessment. During this training, we will explore the ISO 31000 general risk management standard, the process model it recommends, and how companies may use the standard and its companion risk assessment tools document, IEC/ISO 31010.

Introduction to methodologies of risk management (1 Day)

This one-day course introduces participants to the risk estimation methods most used on the market, such as NIST 800-30, Microsoft Security Risk Management Guide, OCTAVE, Harmonized TRA, EBIOS, and MEHARI. The methods discussed are compatible with the principles of ISO/IEC 27005:2011 and fit within the framework of an ISO 27001 implementation process. Participants will see the different stages of conducting a risk assessment based on each of the methodologies presented.

Introduction to the NIST 800-30 method (1 Day)

This training teaches the stages of conducting a risk assessment with the NIST 800-30 method. The NIST 800-30 method was developed by the National Institute of Standards and Technology (NIST). Based on practical exercises and case studies, the participant will be able to perform an optimal risk evaluation and manage risks in time by being familiar with their life cycle. This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.

Introduction to the Harmonized TRA method (1 Day)

This training teaches the stages of conducting a risk assessment with the Harmonized TRA method. The Harmonized TRA method was developed under the authority of the Chief, Communications Security Establishment Canada (CSEC) and the Commissioner, Royal Canadian Mounted Police (RCMP). Based on practical exercises and case studies, the participant will be able to perform an optimal risk evaluation and manage risks in time by being familiar with their life cycle. This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.

Certified ISO 27005 Risk Manager with OCTAVE (5 Days)

In this five-day intensive course, the participants develop the competence to master the basic risk management elements related to all assets of relevance for information security using the ISO/IEC 27005:2011 standard as a reference framework and the OCTAVE method. The OCTAVE method (including OCTAVE-S and OCTAVE Allegro) was developed by CERT. Based on practical exercises and case studies, participants acquire the knowledge and skills needed to perform an optimal information security risk assessment and manage risks in time by being familiar with their life cycle. This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.

Certified ISO 27005 Risk Manager with EBIOS (5 Days)

In this five-day intensive course, the participants develop the competence to master the basic risk management elements related to all assets of relevance for information security using the ISO/IEC 27005:2011 standard as a reference framework and the EBIOS method. The EBIOS (Expression des Besoins et Identification des Objectifs de Sécurité) method was developed by ANSSI in France. Based on practical exercises and case studies, participants acquire the necessary knowledge and skills to perform an optimal information security risk assessment and manage risks in time by being familiar with their life cycle. This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.

Certified ISO 27005 Risk Manager with MEHARI (5 Days)

In this five-day intensive course, the participants develop the competence to master the basic risk management elements related to all assets of relevance for information security using the ISO/IEC 27005:2011 standard as a reference framework and the MEHARI method. The MEHARI method was developed by the “Club de la Sécurité des Systèmes d’Information Français” (CLUSIF) in France. Based on practical exercises and case studies, participants acquire the knowledge and skills needed to perform an optimal information security risk assessment and manage risks in time by being familiar with their life cycle. This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.


Copyright © NISKAA Group 2015. All rights reserved