ISO/IEC 27005 Lead Risk Manager Training Course
ISO/IEC 27005 Lead Risk Manager training enables you to acquire the expertise needed to support an organization in the risk management process for all assets relevant to Information Security, using the ISO/IEC 27005 standard as a reference framework. During this training course, you will gain comprehensive knowledge of a process model for designing and developing an Information Security Risk Management program. The training also provides a thorough understanding of best-practice risk assessment methods such as OCTAVE, EBIOS, MEHARI and harmonized TRA. This training course supports the implementation of the ISMS framework presented in the ISO/IEC 27001 standard.
After mastering all the necessary concepts of Information Security Risk Management based on ISO/IEC 27005, you can sit for the exam and apply for a “PECB Certified ISO/IEC 27005 Lead Risk Manager” credential. By holding a PECB Lead Risk Manager Certificate, you will be able to demonstrate that you have the practical knowledge and professional capabilities to support and lead a team in managing Information Security Risks.
Who should attend?
- Information Security risk managers
- Information Security team members
- Individuals responsible for Information Security, compliance, and risk within an organization
- Individuals implementing ISO/IEC 27001, seeking to comply with ISO/IEC 27001 or individuals who are involved in a risk management program
- IT consultants
- IT professionals
- Information Security officers
- Privacy officers
Examination - Duration: 3 hours
The “PECB Certified ISO/IEC 27005 Lead Risk Manager” exam fully meets the requirements of the PECB Examination and Certification Programme (ECP). The exam covers the following competency domains:
- Domain 1 Fundamental principles and concepts of Information Security Risk Management
- Domain 2 Implementation of an Information Security Risk Management program
- Domain 3 Information security risk assessment
- Domain 4 Information security risk treatment
- Domain 5 Information security risk communication, monitoring and improvement
- Domain 6 Information security risk assessment methodologies
General Information
- Certification fees are included in the exam price
- Training material containing over 350 pages of information and practical examples will be distributed
- A participation certificate of 21 CPD (Continuing Professional Development) credits will be issued
- In case of exam failure, you can retake the exam within 12 months for free
Course Outline
Day 1 Introduction to ISO 27005, concepts and implementation of a risk management program
- Section 01: Course objectives and structure
- Section 02: Standard and regulatory framework
- Section 03: Concepts and definitions of risk
- Section 04: Implementing a risk management programme
- Section 05: Context establishment
Day 2 Risk identification, evaluation, and treatment as specified in ISO 27005
- Section 06: Risk Identification
- Section 07: Risk Analysis
- Section 08: Risk Evaluation
- Section 09: Risk Assessment with a quantitative method
- Section 10: Risk Treatment
Day 3 Information Security Risk Acceptance, Communication, Consultation, Monitoring and Review
- Section 11: Information security risk acceptance
- Section 12: Information security risk communication and consultation
- Section 13: Information security risk monitoring and review
Day 4 Risk Assessment Methodologies
- Section 14: OCTAVE Method
- Section 15: MEHARI Method
- Section 16: EBIOS Method
- Section 17: Harmonized Threat and Risk Assessment (TRA) Method
- Section 18: Applying for certification and closing the training
Day 5 Certification Exam
Requirements
A fundamental understanding of ISO/IEC 27005 and comprehensive knowledge of Risk Assessment and Information Security.
Open Training Courses require 5+ participants.
Testimonials (4)
The fact that there were practical examples with the content
Smita Hanuman - Standard Bank of SA Ltd
Course - Basel III – Certified Basel Professional
The trainer was extremely clear and concise. Very easy to understand and absorb the information.
Paul Clancy - Rowan Dartington
Course - CGEIT – Certified in the Governance of Enterprise IT
The trainer was very motivated and knowledgeable. The trainer was not only capable of information transfer, she also brought it with humor to lighten the dry theoretical training subject.
Marco van den Berg - ZiuZ Medical B.V.
Course - HIPAA Compliance for Developers
I genuinely enjoyed the real examples of the trainer.
Joana Gomes
Course - Compliance and the Management of Compliance Risk
Upcoming Courses (Minimum 5 participants)
Related Courses
Introduction to ISO27001
7 Hours
This instructor-led, live training in Indonesia (online or onsite) is aimed at beginner-level professionals who wish to gain an understanding of ISO 27001 and its role in improving information security within an organization.
By the end of this training, participants will be able to:
- Understand the purpose and benefits of an ISMS.
- Become familiar with the key concepts, terms, and principles of ISO 27001.
- Recognize the role of the auditor in ensuring compliance.
- Gain insight into the audit process and continual improvement within ISO 27001.
Basel III – Certified Basel Professional
21 Hours
Description:
Basel III is a global regulatory standard on bank capital adequacy, stress testing, and market liquidity risk. Initially agreed by the Basel Committee on Banking Supervision in 2010–11, changes to the Accord extended its implementation until 31 March 2019. Basel III strengthens bank capital requirements by increasing bank liquidity and decreasing bank leverage.
Basel III differs from Basel I & II in that it requires different levels of reserves for different forms of deposits and other types of borrowing, so it does not so much supersede them as work alongside Basel I and Basel II.
This complex and constantly changing landscape can be hard to keep up with; our course and training will help you manage likely changes and their impact on your institution. We are accredited and a training partner of the Basel Certification Institute, so the quality and suitability of our training and materials are guaranteed to be up to date and effective.
Objectives:
- Preparation for the Certified Basel Professional Examination.
- Define hands-on strategies and techniques for the definition, measurement, analysis, improvement, and control of operational risk within a banking organization.
Target Audience:
- Board members with risk responsibilities
- CROs and Heads of Risk Management
- Members of the Risk Management team
- Compliance, legal, and IT support staff
- Equity and Credit Analysts
- Portfolio Managers
- Rating Agency Analysts
Overview:
- Introduction to Basel norms and amendments to the Basel Accord (III)
- Regulations for market, credit, counterparty and liquidity risk
- Stress testing for various risk measures, including how to formulate and deliver stress tests
- The likely effects of Basel III on the international banking industry, including demonstrations of its practical application
- Need for New Basel Norms
- Basel III Norms
- Objectives of the Basel III Norms
- Basel III – Timeline
Certified Fraud Examiner (CFE) Preparation
70 Hours
This instructor-led, live training in Indonesia (online or onsite) is aimed at advanced-level professionals who wish to gain a comprehensive understanding of fraud examination concepts and prepare for the Certified Fraud Examiner (CFE) exam.
By the end of this training, participants will be able to:
- Gain comprehensive knowledge of fraud examination principles and the fraud examination process.
- Learn to identify, investigate, and prevent various types of financial fraud schemes.
- Understand the legal environment surrounding fraud, including the legal elements of fraud, relevant statutes, and regulations.
- Gain practical skills in conducting fraud investigations, including evidence collection, interview techniques, and data analysis.
- Learn to design and implement effective fraud prevention programs within organizations.
- Gain the confidence and knowledge to successfully pass the Certified Fraud Examiner (CFE) exam.
CGEIT – Certified in the Governance of Enterprise IT
28 Hours
Description:
This four-day event (CGEIT training) is the ultimate preparation for exam time and is designed to ensure that you pass the challenging CGEIT exam on your first attempt.
The CGEIT qualification is an internationally recognised symbol of excellence in IT governance awarded by ISACA. It is designed for professionals responsible for managing IT governance or with significant advisory or assurance responsibility for IT governance.
Achieving CGEIT status will provide you with wider recognition in the marketplace, as well as increased influence at executive level.
Objectives:
This seminar has been designed to prepare Delegates for the CGEIT examination by enabling them to supplement their existing knowledge and understanding to be better prepared to pass the exam, as defined by ISACA.
Target Audience:
Our training course is for IT and business professionals, with significant IT governance experience who are undertaking the CGEIT exam.
Compliance for Payment Services in Japan
7 Hours
This instructor-led, live training in Indonesia (online or onsite) is aimed at payment services compliance professionals who wish to create, implement, and enforce a compliance program within an organization.
By the end of this training, participants will be able to:
- Understand the rules set forth by government regulators for payment service providers.
- Create the internal policies and procedures needed to satisfy government regulations.
- Implement a compliance program that adheres to relevant laws.
- Ensure that all corporate processes and procedures comply with the compliance program.
- Uphold the business's reputation while protecting it from lawsuits.
Cybersecurity Governance, Risk & Compliance (GRC)
14 Hours
This instructor-led, live training in Indonesia (online or onsite) is aimed at intermediate-level cybersecurity professionals who wish to improve their understanding of GRC frameworks and apply them to secure and compliant business operations.
By the end of this training, participants will be able to:
- Understand the key components of cybersecurity governance, risk, and compliance.
- Conduct risk assessments and develop risk mitigation strategies.
- Implement compliance measures and manage regulatory requirements.
- Develop and enforce security policies and procedures.
Governance, Risk Management & Compliance (GRC) Fundamentals
21 Hours
Course goal:
To ensure that an individual has the core understanding of GRC processes and capabilities, and the skills to integrate governance, performance management, risk management, internal control, and compliance activities.
Overview:
- GRC Basic terms and definitions
- Principles of GRC
- Core components, practices and activities
- Relationship of GRC to other disciplines
HIPAA Compliance for Developers
7 Hours
HIPAA (Health Insurance Portability and Accountability Act of 1996) is United States legislation that provides provisions for data privacy and security when handling and storing medical information. These guidelines are a good standard to follow when developing health applications, regardless of territory. HIPAA-compliant applications are recognized and more trusted globally.
In this instructor-led, live training (remote), participants will learn the fundamentals of HIPAA as they step through a series of hands-on live-lab exercises.
By the end of this training, participants will be able to:
- Understand the basics of HIPAA
- Develop health applications that are compliant with HIPAA
- Use developer tools for HIPAA compliance
Audience
- Developers
- Product Managers
- Data Privacy Officers
Format of the Course
- Part lecture, part discussion, exercises and heavy hands-on practice.
Note
- To request a customized training for this course, please contact us to arrange.
HiTrust Common Security Framework Compliance
14 Hours
This instructor-led, live training in Indonesia (online or onsite) is aimed at developers and administrators who wish to produce software and products that are HiTRUST compliant.
By the end of this training, participants will be able to:
- Understand the key concepts of the HiTrust CSF (Common Security Framework).
- Identify the HITRUST CSF administrative and security control domains.
- Learn about the different types of HiTrust assessments and scoring.
- Understand the certification process and requirements for HiTrust compliance.
- Know the best practices and tips for adopting the HiTrust approach.
ISO 27001:2023 Internal Auditor of the Information Security Management System
35 Hours
Objectives
- Gaining knowledge of ISO 27001:2023
- Gaining knowledge on how to audit in accordance with the standard
- Getting to know good practices
ISO 27001:2023 Lead Auditor of the Information Security Management System
35 Hours
Objectives
- Gaining knowledge of ISO 27001:2023
- Gaining knowledge on how to audit in accordance with the standard
- Getting to know good practices
ISO 27001:2023 Requirements
14 Hours
Objectives
- Gaining knowledge about the changes in the ISO 27001:2023 edition
- Gaining knowledge on how to audit in accordance with the standard
- Getting to know good practices
Compliance and the Management of Compliance Risk
21 Hours
Audience
All staff who need a working knowledge of Compliance and the Management of Risk
Format of the course
A combination of:
- Facilitated Discussions
- Slide Presentations
- Case Studies
- Examples
Course Objectives
By the end of this course, delegates will be able to:
- Understand the major facets of Compliance and the national and international efforts being made to manage the risk related to it
- Define the ways in which a company and its staff might set up a Compliance Risk Management Framework
- Detail the roles of Compliance Officer and Money Laundering Reporting Officer and how they should be integrated into a business
- Understand some other “hot spots” in Financial Crime – especially as they relate to International Business, Offshore Centres and High-Net-Worth Clients
PCI-DSS Practitioner
14 Hours
This instructor-led, live Payment Card Industry Professional training in Indonesia (online or onsite) provides an individual qualification for industry practitioners who wish to demonstrate their professional expertise and understanding of the PCI Data Security Standard (PCI DSS).
By the end of this training, participants will be able to:
- Understand the payment process and the PCI standards designed to protect it.
- Understand the roles and responsibilities of the entities involved in the payment industry.
- Have in-depth insight into and understanding of the 12 PCI DSS requirements.
- Demonstrate knowledge of PCI DSS and how it applies to organizations involved in the transaction process.
PECB ISO 27001:2022 Transition
14 Hours
This instructor-led, live training in Indonesia (online or onsite) is aimed at intermediate to expert-level IT professionals who wish to enhance their skills and qualifications in information security or related fields.
By the end of this training, participants will be able to:
- Understand the differences between ISO/IEC 27001:2013 and ISO/IEC 27001:2022.
- Gain the knowledge and skills to plan and implement the transition from the 2013 to the 2022 version of the standard efficiently.
- Apply the knowledge in real-world scenarios, facilitating a smooth transition in their respective organizations.