
Risk Manager 27005


About INTEGRA Solution

INTEGRA Solution provides ICT-based solutions, consultancies and systems in regulated environments for industries that require digital risk management.

INTEGRA Solution is the first company in the wider region (SEE) which has successfully made a business entity in the banking sector compliant and certified for information security (compliant with ISO 27001:2005).

We are equipped with 10+, 15+ senior level staff and hands-on experience and credentials of CISA, ISO 27001:2005 Lead Auditors (IRCA) and CISSP certifications.

Profiled this way, we guarantee successful implementation of compliance-based solutions for regulated industries, such as Basel II and overcoming the operational risk in the banking sector, PCI for card processing operators and merchandisers, SOX Section 404 concerning IT controls of information systems for financial reports, and Data Privacy and Intellectual Property safeguarding regulations.

About VERIDION

Veridion's mission is to provide businesses with training and services in audit, compliance and information security, thereby enabling them to evaluate, manage and reduce their information security risks.

To maximize and safeguard the investments of our clients, we guarantee the topmost quality training adapted to their needs, together with courteous and unsurpassed customer service.

In everything we do, we emphasize partnership, entrepreneurship, integrity and team spirit because we know that they are the key ingredients for a world-class business.

This mission statement describes not only our company's reason for being, but also our goals and values. We trust these few words will lead you to understand the fundamental characteristics of Veridion.

Certified ISO 27005:2008 RISK Manager
Become Information Security RISK Manager

Exam and Certification

The “ISO/IEC 27005:2008 Certified RISK Manager” exam is certified by RABQSA and meets the criteria of the "RABQSA Training Provider Examination Certification Scheme" (TPECS) and covers the following competency unit:
   · RABQSA – IS (Information Security Management System)

Duration of the exam: 2 hours.
A certificate will be issued to participants who successfully complete the exam.
An attendance confirmation document will be issued to all other

Site point of contact

For any questions about registration, accommodation, travel or any other logistical aspect of your attendance on the Certified Risk Manager training course, please contact us at:

INTEGRA Solution office:
Tel/Fax: +389 (0)2 3177 177

Location of the Certified RISK Manager training course:
Hotel TCC Plaza - Skopje
1000 Skopje
Macedonia

INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS)
Risk Manager (ISO 27005:2008 Standard)

Course: Monday 13th to Wednesday 15th of December 2010
Registration: from 1st to 30th of November 2010 (Available 10 seats only)

Unique offer to the ISMS based training market based on the professional certification schema of RAB QSA recognized all over the world.
A student manual containing over 200 pages of information and practical examples will be distributed to the participants.
A 14 CPE (Continuing Professional Education) participation certificate will be issued to all participants.
Price (training materials, coffee, lunch): 990 €* + VAT
* For second participant from same organization 10% discount

BENEFITS

This three-day intensive training course enables the participants to master the basic risk management elements related to information using the ISO/IEC 27005:2008 standard as a reference framework.

On successfully completing the course, students will have:
   · Understand the main methodologies in Risk Management
   · Understanding the application of Risk Management in the ISO/IEC 27005:2008 context;
   · Acquire the knowledge necessary for the implementation, management and maintenance of an ongoing risk management program;
   · To introduce the concepts, approaches, standards, methods and techniques allowing an effective management of risk;
   · Understand the relationship between the information security management system (including risk management), the security measures and the compliance with the requirements of different stakeholders of an organization;
   · the skills necessary to effectively advise organizations on the best practices in Risk Management;
   · Interpret the requirements of ISO/IEC 27001:2005 on risk management.

The ISO 27005 “Certified Risk Manager” participants will also develop personal skills and knowledge required to advise organizations on best practices in Risk management in Information Security context.

PEOPLE AND PROCESSES MORE IMPORTANT THAN TECHNOLOGY IN SECURING THE ENTERPRISE ACCORDING TO GLOBAL SURVEY OF 4,000 INFORMATION SECURITY PROFESSIONALS

Results of the third annual Global Information Security Workforce Study, conducted by global analyst firm IDC and sponsored by (ISC)². According to more than 4,000 information security professionals from more than 100 countries in the largest study of its kind, the most important elements in effectively securing their organization's infrastructure are (in order of
   · Management support of security policies
   · Users following security policy
   · Qualified security staff
   · Software solutions
   · Hardware solutions

According to the study, the top three success factors highlight the need for public and private entities to focus more time and attention on policies, processes and people, all areas which have been traditionally overlooked in favor of trusting hardware and software to solve security problems. Survey respondents say organizations are now beginning to recognize that technology is an enabler, not the solution, for implementing and executing a sound security strategy.

CONTENT

The intensive three-day training course provides:
   · Day 1: Introduction to risk management according to ISO 27005:2008
      · Understanding main methodologies in Risk Management
      · Risk management according to ISO 27005
      · Concepts and definitions related to risk management
      · Standards, frameworks and methodologies in risk management
   · Day 2: Risk management and risk treatment according to ISO 27005:2008
      · Implement a risk management program
      · analysis (identification and estimation)
      · Assessment
      · Treatment
   · Day 3: Disseminating risk management practices
      · Acceptance of risk and management of residual risks
      · communication
      · Monitoring and controlling risk
      · Exam “ISO/IEC 27005:2008 Certified Risk Manager”

Based on practical exercises and case studies, the participant will be able to perform an optimal risk evaluation and manage risks in time by being familiar with their life cycle.

Note that this training fits perfectly in the framework of an ISO 27001 standard implementation process.

WHY YOU SHOULD PARTICIPATE

Increasing regulatory compliance within the public and private sectors requires strong security policies, processes, and controls, which force organizations to adopt security standards and frameworks for a long-term approach to mitigating risk.

Those requirements are reflected in the organizational charts and responsibilities of:
   · Person responsible for Risk Management within an organization
   · Person responsible for information security or conformity within an organization
   · Member of the information security team
   · Expert advisor in IT
   · Staff of organizations implementing or seeking to comply with ISO/IEC 27001:2005 or involved in a risk management program

They are responsible as a team to demonstrate that the organization is mitigating risk to clients, consumers, shareholders, authorities and society at large.

WHY ORGANIZATIONS SHOULD HAVE PARTICIPANTS

There are several key processes that should be established within the organization with Information Security context, and they should be driven by empowered professionals. We mark them as:
   · Establishment of policies in compliance with regulatory requirements as a responsibility of Compliance officers.
   · Risk management process through systematic risk measurement of threats and vulnerabilities as a main responsibility of Risk officers and Top Management
   · Processes of proper identification and classification of assets and selection of appropriate controls to manage risks as a responsibility of Information Security officers
   · Mitigate risks and proactive elimination of threats and vulnerabilities as a responsibility of Information Technology Officers.

This course through people delivers value to all of these processes.
