2 378,64 €
Risk Management 27005 Risk Methodologies

Risk Management 27005 Risk Methodologies

Painel de Ações e Detalhes

2 378,64 €

Informações do evento

Partilhar este evento

Data e hora

Localização

Localização

Lisboa

Av. Visconde de Valmor, 66, 4º

Av. Visconde de Valmor, 66, 4º

1050-242 Lisboa

Portugal

Ver mapa

Descrição do evento
Live Online Training

Acerca deste evento

Mastering risk evaluation and optimal risk management in information security and learning the methods of risk assessment Introduction

On this course, the students will acquire the expertise to establish and operate an Information Security Risk Management (ISRM) program based on ISO/IEC 27005 and supported by well-known information risk management methodologies.

Besides the fundamental concepts related with information security and risk management and an overview clause-by-clause of the ISO/IEC 27005 standard and related guidance, the course leads the students through a step-by-step BEHAVIOUR customized methodology to implement an Information Security Risk Management (ISRM) program based on the ISO/IEC 27005 international standard in an organization, either as part of an new or existing isolated ISRM program, or, in support to the implementation of an Information Security Management System (ISMS) based on the ISO/IEC 27001.

The information security risk management implementation process covered on this course is supported by the ISO/IEC 27005, and related ISO/IEC 27000 family standards (ISO/IEC 27001, ISO/IEC 27002, among others), and additional recognized international guidance such as ISO 31000 standards, NIST information security risk standards (including NIST 800-30r1), among others.

The second part of the course includes the presentation and implementation of several well-known information security methodologies on the market considering the case-study provided. Through the course the students are presented with a more in depth or more high-level details to implement each one of these methods (note that the in-depth details presented will depend on method to method). The presented methodologies include, the NIST-800-30r1, MSRMG, OCTAVE, MAGERIT, EBIOS and a high-level presentation of the MEHARI, FAIR and M_o_R methods.

Based on a real-world adapted case-study organization, and supported by several approaches, templates, and other tools, including discussions and practical exercises, the students will team-up with their peers during this course and will be challenged to demonstrate their Manager skills to implement an ISRM program for this organization. This training methodology train and prepare students for successfully implement the ISO/IEC 27005 standard in a real-world environment with the support of well-known risk management methodologies.

Training Methodology This course is based on theorical, and practical sessions supported by a real-world adapted case-study.

The course includes hands-on practical and theorical exercises to:

better prepare the students for the real-world challenges, and

to prepare and increase the likelihood of success on the certification exam, and

train and prepare professionals for participating in an ISRM implementation program based on ISO/IEC 27005 or as part of an ISMS implementation based on ISO/IEC 27001.

prepare participants to select and implement the most suitable information security risk method in response to the need of their organization

This course is available to be delivered in a Classroom and Live-Training model.

Live Training brings you the dynamic environment of the classroom, to your desk. Using your computer, you interact with the trainer and the trainees as if you were with them in the classroom.

Audience

Information Security and/or IT Consultants, Auditors, Managers or Risk Professionals

CISO, CIO, CSO or any Executive or Senior Manager responsible to ensure the alignment and delivery of value from Information Security Risk Management to the organization

Professionals responsible for the Information Security/IT Governance on the organization

Any professional, either, IT, information security, risk manager, business or any other, involved on the establishment, implementation, operations and/or continual improvement of an Information Security Risk Management program, isolated or, as part of an Information Security Management System (ISMS) based on ISO/IEC 27001

Anyone who wants to learn the fundamentals of ISO/IEC 27005 and acquire the expertise to implement an ISRM program based on this standard

Learning Objectives At the end of the course students should be able to: - Acquire the fundamental knowledge on the concepts related with information security risk management, including standards, frameworks, and methods

Understand the main concepts related with ISO/IEC 27005 and know how to apply and implement the guidance of the standard to support the implementation of an Information Security Risk Management (ISRM) program on an organization

Know how to use the ISO/IEC 27005 to support the implementation on an Information Security Management System (ISMS) based on ISO/IEC 27001

Draft and adapt a custom based information security risk management plan based on ISO/IEC 27005, ISO 31000, and well-known available methodologies to continually support the business strategy and challenges of an organization

Monitor, review and improve a risk management program, including, the maintenance of the risk management practices and residual risk at acceptable levels based on the risk appetite and tolerance

Support the organization on the achievement and maintenance of an ISRM program in compliance based on the guidance of ISO/IEC 27005 and in compliance with the ISO/IEC 27001 certification requirements

Acquire the knowledge to implement several well-known information security methodologies on the market, including, the NIST-800-30r1, MSRMG, OCTAVE, MAGERIT, EBIOS and a high-level understanding of the MEHARI, FAIR and M_o_R methods

Program

Introduction to Information Security Risk Management, the ISO/IEC 27005 standard, program, and context establishment

Information security risk assessment, treatment, and acceptance; risk communication, consultation, monitoring and review

Presentation and implementation of the NIST-800-30r1 and MSRMG methodologies

Presentation and implementation of the OCTAVE and MAGERIT methodologies

Presentation and implementation of the EBIOS methodology; Other methods.

Certified Risk Management 27005 Manager (CRM27005M) Exam

Exam

The “Certified Risk Management 27005 Manager” exam covers the following competence domains:

Domain 1: Information security risk management fundamentals and ISO/IEC 27005 guidelines

Domain 2: Information security risk management program based on ISO/IEC 27005

Domain 3: Information security risk assessment based on ISO/IEC 27005

Domain 4: Information security risk treatment and acceptance based on ISO/IEC 27005

Domain 5: Information security risk communication, monitoring and improvement based on ISO/IEC 27005

Language(s): English and Portuguese (please consult BEHAVIOUR for availability on additional languages).

Duration: 2 hours.

Exam details: One part exam.

Results: “Pass or Fail” qualitative score. In the case of a failure, the result will be accompanied with the list of domains in which you had a mark lower than the passing grade. If the candidate fails the exam, he is entitled to one free retake within a 1-year period from the initial exam date.

Passing score: 700/1000 marks.

Exam type: Scenarios-based open questions.

Certification

After successfully completing the certification exam, participants may apply for one of the two available credentials for this personnel certification scheme, depending on their level of experience.

Certified Risk Management 27005 Associate Manager: no previous experience required.

Certified Risk Management 27005 Manager: 2 years of experience on information security risk management

A certificate will be issued to participants who successfully pass the exam and comply with all the other requirements related to the selected credential. Candidates also receive the digital badge of the certification achieved.

The “Certified Risk Management 27005 Manager” personnel certification program is drafted and maintained according to the ISO/IEC 17024 standard.

General Information

Formação na língua portuguesa ou inglesa.

Recursos materiais da formação online e em Inglês, com acesso online, com informação e exemplos práticos.

Metodologia prática de gestão do risco

Certificado digital de Frequência de Formação Behaviour com 31 créditos CPD/CPE.

Exame de Certificação online, em Português e Inglês. O exame pode ser realizado até 3 meses, após a conclusão do curso.

Diploma digital de Certificação e Insígnia digital de Certificação, após sucesso no exame e conclusão do processo de candidatura. Este registo não tem qualquer custo associado.

Se o candidato não for aprovado no exame, tem o direito a uma nova tentativa gratuita dentro de um período máximo de 12 meses, a contar da data do exame inicial.

 

Perguntas Frequentes

Onde posso contactar o organizador se tiver questões?

More informations about program, dates and prices: https://behaviour-group.com/PT/curso-risk-management-27005-risk-methodologies/

Contact us: +351212103732 training@behaviour-group.com www.behaviour-group.com

 

Partilhar com os amigos

Localização

Lisboa

Av. Visconde de Valmor, 66, 4º

Av. Visconde de Valmor, 66, 4º

1050-242 Lisboa

Portugal

Ver mapa

Guardar Este Evento

Evento guardado