This course enables participants to develop knowledge and skills for the mastery of the basic elements of risk management, from a general and then specific definition of information security and ISS risks, a presentation of the normative framework and existing methodologies.
This training is recommended as a preparation for the ISO 27005 Risk Manager and Ebios Risk Manager certification courses.
- Understand what a risk is and how to assess it
- Differentiate between information security risk and information systems security risk
- Understand the stakes of risk management
- Find your way in the existing documentation (standards and methodologies)
I. Defining and Assessing Risk Broadly
- Definition of risk
- Assessing the level of risk
II. Overview of the main current threats
III. Understanding information security risk
- Definition of information security
- The risk of information security
IV. Understanding Information Systems Security Risk
- Definition of Information System (IS)
- Definition of Information Systems Security (ISS)
- The risk of information systems security
I. Define and understand the issues of risk management
II. The normative framework
- The ISO/IEC 31000 standard
- The ISO/IEC 25000 standard
III. Risk management methods
- Overview of existing methods
- Comparison of existing methods
- The choice in the methodology
|Day 1||Day 2||Day 3|
|Live session||Section 1 (2H)||Section 2 (2H)||Question and answer session (45 min)
Evaluation of knowledge (45 min)
- A 45-minute quiz to validate the knowledge acquired during the training
- Training delivered by risk trainers
- Exchange moments on key concepts and experience sharing adapted to the learners’ context
- A training pedagogy adapted to all learning profiles
Who should attend?
Anyone interested in learning more about risk management in general and information security risk management in particular:
- Information security or compliance managers within an organization
- Risk managers
- Project manager
- Information security team member
- Information Technology Consultants
General knowledge of information systems.
How and when to access
The participant is considered registered when:
- The prerequisites and needs are identified and validated
- The training agreement is signed
Registration requests can be sent up to 5 working days before the start of the training.
Whether you are recognized as having a disability or not, making our training accessible to everyone is part of our commitment. If you need compensation or adaptation for the content, the supports, the place, the material used, the schedules, the rhythm, we are at your disposal.