Introduction – Your opportunity to . . .

·  Understand the concepts, approaches, methods and techniques for effective risk management according to ISO 27005 and ISO 31000

·  Learn the different risk assessment methods used in the market, including NIST 800-30, the Microsoft Security Risk Management Guide, OCTAVE, Harmonized TRA, EBIOS and FAIR.

Calling…

·  Risk Managers, Business Management, IT/IS Management, IT/IS Auditors, Internal Auditors, Information Security, Project Managers, IT Practitioners and Consultants.

Instructor

Peter T. Davis, an expert in IT Governance, Security and Audit, and past President and founder of the Toronto ISSA Chapter, will instruct this course.


Using ISO 31000/ISO 27005 Standards for Optimal Risk Management

In this one-day course, participants will learn the basic risk management elements that apply to all assets of relevance to information security, using the ISO/IEC 27005:2011 and ISO 31000:2009 standards as the reference framework. Participants will also learn the different risk assessment methods used in the market, including NIST 800-30, FAIR, OCTAVE, Harmonized TRA, EBIOS and the Microsoft Security Risk Management Guide. This training fits naturally into an ISO/IEC 27001:2005 implementation process, where a documented risk assessment and risk treatment plan are required.

In this seminar, we will discuss:

·  The major aspects of ISO 31000 and ISO 27005

·  The business benefits of using a standard

You will leave the session with the tools to:

·  Understand the concepts, approaches, methods and techniques for effective risk management according to ISO 27005 and ISO 31000

·  Compare the different risk assessment methods used in the market, including NIST 800-30, the Microsoft Security Risk Management Guide, OCTAVE, Harmonized TRA, EBIOS and FAIR

Target Audience

·  Risk Managers, Business Management, IT/IS Management, IT/IS Auditors, Internal Auditors, Information Security, Project Managers, IT Practitioners, and Consultants.

Prerequisites: None.

Exam: None.

Seminar Outline

Introduction, risk management program, risk identification and assessment according to ISO 27005 and ISO 31000

·  Concepts and definitions related to risk management

·  Risk management standards, frameworks and methodologies

·  Implementation of an information security risk management program

·  Understanding an organization and its context

·  Risk identification and risk analysis

Risk evaluation, treatment, acceptance, communication and monitoring according to ISO 27005 and ISO 31000

·  Risk evaluation and risk treatment

·  Risk assessment with a quantitative method

·  Acceptance of information security risks and management of residual risks

·  Information security risk communication

·  Information security risk monitoring and review

Introduction to risk assessment methodologies

·  EBIOS

·  FAIR

·  Harmonized TRA

·  Microsoft Security Risk Management Guide

·  NIST 800-30

·  OCTAVE


Instructor Bio

Peter T. Davis

Peter Davis (CISA, CISSP, CMA, CMC, CWNA, CISM, COBIT FC, ITIL FC, PMP, SSGB, CGEIT, CFRA, ISTQB CTFL, PRINCE2 FC, ISO 27001 LI/LA, ISO 20000 FC, ISO 22301 FC, ISO 27005/31000 RM, ISO 9001 FC, ISO 28000 FC) is the Principal of Peter Davis+Associates (http://www.pdaconsulting.com), a management consulting firm specializing in IT Governance, Security, and Audit. Prior to founding PDA, Mr. Davis’ private sector experience included stints with two large Canadian banks and a manufacturing company. He was formerly a principal in the Information Systems Audit practice of Ernst & Young. In the public sector, Mr. Davis was Director of Information Systems Audit in the Office of the Provincial Auditor (Ontario). A 30-year information systems audit and security veteran, Mr. Davis has held positions as security administrator, security planner, consultant, and information systems auditor.

Mr. Davis is also the past President and founder of the Toronto ISSA chapter, past Recording Secretary of the ISSA’s International Board and a past Computer Security Institute Advisory Committee member. In addition, he was a member of the international committee formed to develop the Generally Accepted System Security Principles (GSSP). Mr. Davis has written or co-written 12 books, including “Lean Six Sigma Secrets for the CIO,” “Hacking Wireless Networks for Dummies,” “Wireless Networks for Dummies,” “Computer Security for Dummies,” and “Securing and Controlling Cisco Routers.” Peter is listed in the International Who’s Who of Professionals. He is a past Editor of EDPACS, a monthly publication for security and audit professionals.