Jul 18, 2017 CERT.Global

Risk Management (ISO 31000) on Information Security Management Training Course

Understand how to apply the risk management principles of ISO 31000 to an organization's information security management.

Introduction 

The risk management principles provided by ISO 31000 are the foundation of the "risk management approach" for ALL management systems, including ISO 9001, 13485, 14001, 20000, 22000, 22301, 27001, etc. Successful completion of this course is essential for implementing an effective management system.

To participate in this training course, the following prior knowledge is expected:

  1. Understanding the concept of management systems in accordance with ISO 19600
    • Management system process (PDCA, Plan-Do-Check-Act)
    • Understand the Organisation 
    • Leadership and commitment
    • Planning and risk management system requirements
    • Supporting the management system
    • Operating the management system 
    • Performance evaluation 
    • Continual improvement 
  2. Information Security Management in accordance with ISO/IEC 27001
    • Information security risk management
    • Information security classification
    • Information security assets management
    • Information security controls

Who should attend?

This course is intended for those who will be involved in risk management in any organization. Suggested job functions and their teams include:

  • Anyone involved in management system activities
  • Risk management and legal compliance
  • Corporate governance and top management
  • Consultants and auditors
  • Management system representatives
  • DPO (data protection officer)

Learning objectives

  • Learn the main components of an ISMS, in particular the risk management requirements
  • Understand the risk management framework and processes in accordance with ISO 31000

Course benefits

  • Improve competence in risk management
  • Understand the gap between existing risk management practice and best practice according to ISO 31000

Course outline

Day 1, ISMS (ISO/IEC 27001) and risk management considerations

  • Process approach, Plan-Do-Check-Act (PDCA) and ISMS key components
  • Overview of the ISMS implementation process
  • Documented information for ISMS
  • Risk management approach in ISMS
    • Understand the Organisation
    • Business continuity management
    • Information security risk management requirements
  • Information security management considerations
    • Projects
    • Mobile Devices
    • Outsourcing and supplier relationships
    • Personal Data and Privacy
    • Cyber-Attack and Defence

Day 2, Risk management principles in accordance with ISO 31000

  • Risk management framework
  • Risk management process and procedure 
  • Risk assessment
    • Risk identification
    • Risk analysis
    • Risk evaluation
  • Risk Treatment 
    • Treatment options
    • Plan(s)
  • Course summary / Q&A / Course exam

What's included?

  • Course material and media 
  • Course examination 
  • Course certificate

Organizational information

  • Delegates should note that there is evening work during the course
  • The minimum class size is 4 and the maximum is 20. If fewer than 4 students enrol, the course will be postponed.
  • This course is facilitated through the TKSG online learning management system (LMS). Participants should be able to use their own PC, laptop or suitable mobile device to access the LMS.
  • This course is run in collaboration with the CQI/IRCA Approved Training Partner, Hermes Infotech Inc.

Additional Info

Venue: Public or in-house training
Time: 2 days
Facilitator: Authorized tutor
