Risk management is a vital tool for decision making on organizational information security based on ISO/IEC 27001 international standard. But the important question that many people want to know is how and when.

This 1-day course is led by an instructor who has over a decade of experience and familiarity with Information Security Management System (ISMS). The training material is built from ISO/IEC 27005 and related international standard and leading practice (e.g. ISACA’s Risk IT Framework) but reorganized into an easy-to-understand format.

To understand how and when to use risk management for information security management.

• Information security risk management
• International standard and leading practice
• Asset-based approach vs event-based approach
• Context establishment
• Risk assessment process
• Risk treatment process
• Example of techniques in support of the risk assessment process
• Useful information from other sources

• Information Security Managers and Analysts
• Risk Management Professionals
• IT Managers and Consultants
• Compliance Officers and Assurance Staff
• Personnel involved in the security management processes within organizations