Course Highlights
  • What an information security risk is and what an ISMS is
  • What the risk appetite of an organization represents
  • How to establish risk acceptance criteria
  • How to identify information security risks
  • The relationship between threats and vulnerabilities
  • How to estimate likelihood and consequence as the constitutive elements of risk
  • How to calculate a risk level
  • The requirements for risk owners and why every risk should have an owner
  • Which options are available for risk treatment
  • Key ISMS documents such as the Statement of Applicability (SoA) and the risk treatment plan
Curriculum

5 Topics
Introduction
Information security management
The ISO/IEC 27000 series of standards
About ISO/IEC 27005
Information security risk management

5 Topics
Context establishment
Risk acceptance criteria
Criteria for performing information security risk assessments
Qualitative vs. quantitative approaches, part 1
Qualitative vs. quantitative approaches, part 2

6 Topics
Generic requirements for the information security risk assessment
The event-based approach to risk identification
The asset-based approach to risk identification
Identifying risk owners
Analyzing information security risks
Evaluating information security risks

5 Topics
Risk treatment options
Determining the necessary controls
Preventive, detective and corrective controls
The Statement of Applicability (SoA)
The risk treatment plan

4 Topics
More considerations about the information security risk management process
Continual improvement
Certification for information security management
Thank you and good bye!

ISO/IEC 27005:2022. Information security risk management