Mastering risk evaluation and optimal risk management in information security based on ISO 27005 with the OCTAVE method
In this five-day intensive course, participants develop the competence to master the basic risk management elements related to all assets relevant to information security, using the ISO/IEC 27005:2011 standard as a reference framework together with the OCTAVE method. The OCTAVE method (including OCTAVE-S and OCTAVE Allegro) was developed by the CERT. Through practical exercises and case studies, participants acquire the knowledge and skills needed to perform an optimal information security risk assessment and to manage risks in time by being familiar with their life cycle. This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.
Introduction, risk management program according to ISO 27005
- Concepts and definitions related to risk management
- Risk management standards, frameworks and methodologies
- Implementation of an information security risk management program
- Understanding an organization and its context

Risk identification and assessment, risk evaluation, treatment, acceptance, communication and surveillance according to ISO 27005
- Risk identification
- Risk analysis and risk evaluation
- Risk assessment with a quantitative method
- Risk treatment
- Risk acceptance and residual risk management
- Information Security Risk Communication and Consultation
- Risk monitoring and review
- Certified ISO 27005 Risk Manager Exam (2 hours)

Start of a risk assessment with OCTAVE
- Presentation of OCTAVE
- Phase 1 - Process 1 to 3 (Understanding the Organization)
- Phase 1 - Process 4 (Create threat profiles)
- Phase 2 - Process 5 (Identification of key components)

Assessment of vulnerabilities and risk, according to OCTAVE
- Phase 2 - Process 5 (Continued)
- Phase 2 - Process 6 (Evaluation of selected components)
- Phase 3 - Process 7 (Conducting the risk assessment)
- Phase 3 - Process 8 (Development of a Protection Strategy)

The OCTAVE Method Implementation approach and conclusion
- Phase 3 - Process 8 (Development of a Protection Strategy, cont.)
- The OCTAVE Method Implementation Guide
- OCTAVE-S
- OCTAVE Allegro
- Summary
- Risk managers
- Persons responsible for information security or conformity within an organization
- Members of the information security team
- IT consultants
- Staff implementing or seeking to comply with ISO 27001 and involved in a risk management program based upon the OCTAVE method
- Understand the concepts, approaches, methods and techniques allowing effective risk management according to ISO 27005
- Interpret the requirements of ISO 27001 on information security risk management
- Develop the necessary skills to conduct a risk assessment with the OCTAVE method (including OCTAVE-S and OCTAVE Allegro)
- Master the steps to conduct a risk assessment with the OCTAVE method (...)
A basic knowledge of risk management is recommended.