
ISO 27005: Certified Risk Manager

Master risk management according to ISO/IEC 27005 and best assessment practices.

Objective

The ISO/IEC 27005 risk management training allows you to develop the necessary skills to master the risk management process associated with all information security-related assets, using ISO/IEC 27005 as a reference framework. You will also understand the best practices of risk assessment methods such as OCTAVE, EBIOS, MEHARI, and harmonized EMR. This course corresponds to the ISMS framework implementation process presented in ISO/IEC 27001.

Specific objective: Understand the concepts, approaches, methods, and techniques for an effective risk management process according to ISO/IEC 27005.

Prerequisites

  • Fundamental understanding of ISO/IEC 27005 and in-depth knowledge of risk assessment and information security

General Information

  • Code: ISO 27005
  • Duration: 3 days
  • Schedule: 8:30 AM - 5:30 PM
  • Location: Training Center, North Urban Center, Tunis

Target audience

  • Information security risk managers
  • Information security team members
  • Information security officers

Resources

  • Course materials
  • 40% demonstration
  • 40% theory
  • 20% practical exercises

Training Program

  • Day 1: Introduction to the ISO/IEC 27005 risk management program
    • Objectives and training structure
    • Concepts and definitions of risk
    • Normative and regulatory frameworks
    • Implementation of a risk management program
    • Understanding the organization and its context
  • Day 2: Implementing an ISO/IEC 27005 risk management process
    • Risk identification
    • Risk analysis and assessment
    • Risk appreciation (quantitative method)
    • Risk treatment
    • Acceptance and management of residual risks
    • Communication and consultation on risks
    • Risk monitoring and review
  • Day 3: Overview of other risk assessment methods and examination
    • OCTAVE Method
    • MEHARI Method
    • EBIOS Method
    • Harmonized EMR Methodology
    • Training closure

Do not hesitate to contact our experts for any additional information, a free study, or a cost estimate for an audit service.

Information security is essential for any company that needs to protect and improve its information assets.
