ISO/IEC 27005. Information security risk management
This course covers the ISO/IEC 27005:2018 guidelines for information security risk management. The first part of the course covers information security management in the ISO/IEC 27000 series of international standards, risk management according to ISO 31000, and information security risk management according to ISO/IEC 27005.
The next section of the course addresses the context of the risk management process: the scope of risk management, its purpose, and any constraints that may affect it. It also covers the structure for managing information security risks. The following videos cover the risk assessment process, starting with asset identification and valuation, as well as the identification of threats and vulnerabilities. To help you understand the concepts, examples of threats and vulnerabilities are provided along the way.
The course then moves on to risk treatment, which includes a discussion of the various risk treatment options, including avoidance, modification, sharing, and retention. The concepts are once again accompanied by examples to make them easier to comprehend. This section of the course will also cover the decision to accept risks and the conditions that must be met. The final section discusses risk communication and consultation, as well as the importance of continuously monitoring and reviewing the risk management process to ensure that it remains relevant and appropriate.
Who this course is for:
- Information security officers
- Information security risk managers and analysts
- ISO enthusiasts
- Information security auditors and consultants
Requirements
- Familiarity with ISO standards is helpful
- Familiarity with the concepts of information security management
Course ratings: 4.4/5
Enroll here: https://www.udemy.com/course/isoiec-27005-information-security-risk-management/