ISO/IEC 27005:2018 Information Security Risk Management

With the increasing number of internal and external information security threats, organizations recognize the importance of adopting a formal risk management programme. Without a mechanism to identify, analyse and manage information security risks, it’s difficult for organizations to prioritize their security remediation efforts and resource allocation and associated costs. This leaves organizations more susceptible to security breaches, which can lead to financial and reputational damage.

Building on the concepts and framework specified in ISO/IEC 27001, ISO/IEC 27005:2018 provides guidelines for adopting an information security risk management approach that is appropriate to all organizations.

This course aims to provide you with clear and practical guidance on the framework and steps involved to identify, analyse and manage information security risks. It will help you to review your existing risk treatments and controls and ensure they are appropriate to manage and reduce the identified risks. This will give you the confidence to get the most effective allocation of resources in place to address information security issues for your organization.

How will I benefit?

This course will help you:

  • Identify key benefits associated with using ISO/IEC 27005:2018 for protecting information assets, as part of an effective information security management system (ISMS)
  • Understand the best practice risk management processes contained in    ISO/IEC 27005:2018
  • Understand the rationale behind the processes, usage and implementation
  • Establish an acceptable level of risk for your information assets based on a knowledge and understanding of the risks your organization faces
  • Develop processes for assessing and managing the many different risks related to your organization’s information assets
  • This course will help organizations investigate and score information security risks in a robust, quantifiable and repeatable way.