Implementing and Performing Risk Management with ISO/IEC 27005

Everything you do in information security is related to risk, and no matter your discipline, sharpening your ISRM skills will increase your value. This course will arm you with a practical risk framework and approach to prioritize and address risk.
Course info
Level: Intermediate
Updated: Aug 1, 2019
Duration: 2h 14m
Table of contents
Course Overview
Overview of ISO/IEC 27005:2018
Establishing the ISRM Context
ISRM: Identifying and Assessing Risk
ISRM: Evaluating Risk Treatment Options
ISRM: Communicating, Monitoring, and Reviewing Risk
Description

Information security is a broad discipline, and security teams are increasingly strapped for time and resources. In this course, Implementing and Performing Risk Management with ISO/IEC 27005, you will find a practical framework to prioritize and orchestrate a comprehensive information security risk framework. First, you will learn about the internationally accepted risk management standard ISO/IEC 27005. Next, you will arm yourself with skills to establish the business risk context, assess business risks, and perform risk treatment. Finally, you will be equipped with meaningful approaches to effectively communicate and monitor your organization's risk. When you're finished with this course, you will have the knowledge and blueprint to coordinate a widely accepted framework and to bolster your organization's information security program.

About the author

Taylor Jones is a Data Security Officer and security enthusiast/evangelist who loves to teach. Taylor is passionate about overcoming modern security challenges through meaningful solutions that reduce complexity and provide measurable risk reduction.

Section Introduction Transcripts

Course Overview
Hi everyone! My name is Taylor Jones, and welcome to my course, Implementing and Performing Risk Management with ISO/IEC 27005. I'm a data security officer and information security and risk enthusiast. In this course, we are going to arm you with an internationally accepted and practical framework for orchestrating information security risk management in your organization. Some of the major topics that we will cover include defining risk criteria to evaluate and treat risk, conducting risk assessment to analyze threats and vulnerabilities in business processes and assets, continually monitoring and improving your risk management framework, and we'll walk through the ISO 27005 standard so you can better understand the value of this widely accepted framework. By the end of this course, you will have the knowledge and blueprint to establish and coordinate an information security risk management program. Before beginning this course, you should be familiar with fundamental information security principles including understanding common threats to confidentiality, integrity, and availability, and having basic knowledge of information security risk will be helpful. I hope you'll join me on this journey to learn information security risk management with the Implementing and Performing Risk Management with ISO/IEC 27005 course at Pluralsight.