Course Overview

Learn the process of conducting an effective information security risk assessment through practical risk management methodologies as promoted by ISO 27005. Presented by an ISO 27001 practitioner offering real-world expertise and insights.

Training Duration
Total Training Hours: 30 Hours
Training Duration: 1 Week
Total Training Days: 5 Working Days

Training Schedules
Weekdays (Sunday to Thursday)
Regular Sessions: 6 Hrs per day (9am to 2pm or 3.00pm to 9.00pm)
Food & refreshments included

Weekends (Friday & Saturday)
Fast Track Sessions: 8 Hours per day (9am to 5pm)
Food & refreshments included

1) Certificate from Laurels Training Institute, attested by the Knowledge & Human Development Authority (KHDA), Government of Dubai, UAE - with online worldwide recognition facility

2) Certificate from American Institute of Professional Studies (AIPS), USA (after 15 days of course completion, which will be couriered to the attendee's office address) - with online worldwide recognition facility

3) ISO Certificate

Learning Aids: Yes
Course Material: Hard & Soft Copies of Study Material
Language of Instruction: English
Instructor Helpline: Yes
1. Email
2. Social Media (For Emergency requirements)
Registration Requirements
1. Passport Copy
2. Curriculum Vitae
3. Passport size photographs
4. Course Fee
Mode of Payment: Cash / Cheque / Credit Card / Bank Transfer.
Eligibility Criteria
(Who should attend this training)
This course is intended for managers and prospective implementers of risk management, and for stakeholders in such efforts.
Course Benefits

The role and importance of risk management in an organisation.

Why risk management is the core competence of information security management.

Full details of the ISO 27005 information risk management standard and an understanding of key risk management terminology.

How ISO 27005 is related to the ISO 31000:2009 risk management standard.

How vsRisk™ information security risk assessment software can help you save time and money.

How to use risk management to achieve certification and maintain compliance with the ISO 27001 information security management standard.

‘Hands-on’ practical experience in carrying out an effective risk assessment process as defined by ISO/IEC 27005:2011.

The key information security risk assessment processes, including context establishment, risk assessment, risk treatment and monitoring/review.

The competence to advise third-party organisations on information security risk management.
Course Contents / Outline

Introduction, Risk Management Program according to ISO/IEC 27005

Concepts and definitions related to risk management

Risk management standards, frameworks and methodologies

Implementation of an information security risk management program

Understanding of an organisation and its context

Risk Identification and Assessment, Risk Evaluation, Treatment, Acceptance, Communication and Surveillance according to ISO/IEC 27005


Risk identification

Risk analysis and risk evaluation

Risk assessment with a quantitative method

Risk treatment

Risk acceptance and residual risk management

Information security risk communication and consultation

Risk monitoring and review

Day 3: Overview of other Information Security Risk Assessment Methods and Certification Exam


Presentation of OCTAVE method

Presentation of MEHARI method

Presentation of EBIOS method

Presentation of Harmonized TRA method

Certification exam which covers the following domains:

Domain 1: Fundamental concepts, approaches, methods and techniques of information security risk management

Domain 2: Implementation of an information security risk management program

Domain 3: Information security risk assessment based on ISO/IEC 27005

© Laurels Training Institute 2017. All Rights Reserved.