(2-Day course)
Course summary
This practical risk and information security training course takes delegates through all stages of the risk management process over a two-day period, using the guidelines presented in BS 7799-3:2006. After an introduction to key terms and definitions, delegates are taken through the key elements of performing a risk assessment (including scope, business impact analysis, threat and vulnerability assessment, and risk identification and quantification), as well as risk treatment and ongoing risk management.
Topics include:
- relationship between BS 7799-3 and ISO 27001
- business benefits of information risk management
- scope (including asset identification)
- business impact analysis
- threat (vulnerability and likelihood) assessment
- risk identification and quantification
- risk evaluation and risk treatment
- risk monitoring.
Objectives
On completion of the two-day risk and information security training course, delegates will have a good understanding of:
- the different stages of the risk management process as presented in BS 7799-3
- the business case for information risk management
- the key risk management terms and definitions
- the different approaches to risk management
- scoping a risk assessment
- performing a risk assessment
- treating risks
- ongoing risk management activities.
Pre-requisites
It will be presumed that delegates are familiar with the contents and concepts of both the ISO/IEC 17799 and the ISO/IEC 27001 standards.
Who should attend?
- Information security analysts
- Information security officers
- Information security consultants
- Information governance officers
- Data protection/freedom of information officers
- Business representatives responsible for developing or updating information systems
- Operational risk and compliance staff
This is only available as an in-house course.
For further information about specific training on this subject, please call us on
(+44) (0)845 086 9000 or enter your details in our enquiry form.