Hervé Schauer Consultants
ISO 27005 Risk Manager or Information Security Risk Manager

Dates of the coming sessions:
> 18-20 January 2012 (Paris)
> 27-29 February 2012 (Paris)
> 16-18 April 2012 (Paris)
> 9-11 May 2012 (Luxembourg)
> 21-23 May 2012 (Toulouse)
> 29-31 May 2012 (Paris)
> 25-27 June 2012 (Nice)
> 2-4 July 2012 (Paris)
> 3-5 September 2012 (Paris)
> 8-10 October 2012 (Paris)
> 19-21 November 2012 (Paris)
> 17-19 December 2012 (Paris)
Dates are subject to modification without prior notice. Sessions will only take place if the number of registered attendees is high enough.
The training will focus on information systems security risks and how to assess and analyse them.


Goals

The certifying ISO 27005 Risk Manager (Information Security Risk Manager) course explains the ISO 27005 standard and, more broadly, information security risk management. This course enables you to run the risk management process yourself in practice and to manage its lifecycle.

In detail, the goals of the course are as follows:

  • Learn to implement the ISO 27005 standard as well as other risk management methodologies in any situation
  • Describe the risk management process and its lifecycle
  • Give the trainee all the means to run and complete a risk assessment independently
  • Present the resources and tools available to implement the best risk management
  • Prepare the candidate for the certification exam


International recognition

The training by HSC and the examination by LSTI are internationally recognized, on the same level as the other trainings and examinations available on the market.
For more information, see the page Certification by LSTI. The ISO 27005 standard "Information Security Risk Management" was published on June 4, 2008 by ISO. This detailed method for information security risk management reflects the international consensus on the topic. The standard is pragmatic and complete, usable in any situation, and recommended when setting up an ISMS following the ISO 27001 standard. ISO 27005 is inspired by earlier methodologies, first of all the EBIOS v2 methodology from the French DCSSI, and also the British BS7799-3 and the Australian AS/NZS 4360. The Information Security Risk Management course from HSC is similar to equivalent courses based upon EBIOS, Mehari or Octave; however, the HSC course is based upon ISO 27005, which is the international reference.

For an introduction to the ISO 27005 standard, see the article published in GlobalSecurityMag in July 2008 (in French).
http://www.hsc.fr/ressources/articles/globalsecuritymag_iso27005/


Duration

3 days.

  • 2.5 days of course, practical cases, exercises and a case study
  • 0.5 day for exam

    Instructor(s)

    This training is given by:

    • Hervé Schauer (Herve.Schauer@hsc.fr)
      • ISO27001 Lead Auditor certified by LSTI
      • ISO27001 Lead Implementer certified by LSTI
      • ISO27005 Risk Manager certified by LSTI
      • ProCSSI certified
      • CISSP, ITIL certified
      • Registered as ISMS Provisional Auditor by RABQSA under the number 105219
      • Participant in security standardization at AFNOR since 1990 and at CN27 since its creation in 1993
      • Member of the ISO 27001 group of the Clusif, working on measurements and metrics (ISO 27004)
      • Former member of the Club EBIOS
      • Host of Club 27001
    • Benjamin Arnault (Benjamin.Arnault@hsc.fr)
      • ISO27001 Lead Auditor certified by LSTI
      • ISO27001 Lead Implementer certified by LSTI
      • ISO27005 Risk Manager by LSTI
      • CISSP, GIAC GCFA and GIAC GCWN certified
      • ITIL Foundation certified
      • ISO20000-1 Lead Auditor certified by LSTI
      • QSA certified by PCI Council
      • Member of "Club 27001"
    • Mikael Smaha (Mikael.Smaha@hsc.fr)
      • ISO27001 Lead Auditor certified by LSTI
      • ISO27001 Lead Implementer certified by LSTI
      • ISO27005 Risk Manager certified by LSTI
    • Julien Levrard (Julien.Levrard@hsc.fr)
      • ISO27001 Lead Auditor certified by KPMG Audit Plc and LSTI
      • ISO27001 Lead Implementer certified by LSTI
      • ISO27005 Risk Manager by LSTI
      • ITIL V3 certified
      • CISA certified
      • QSA certified by PCI Council
    • Quentin Gaumer (Quentin.Gaumer@hsc.fr)
      • ISO27001 Lead Auditor certified by LSTI
      • ISO27001 Lead Implementer certified by LSTI
      • ISO27005 Risk Manager certified by LSTI
    • Christophe Renard (Christophe.Renard@hsc.fr)
      • ISO27001 Lead Auditor certified by LSTI
      • ISO27001 Lead Implementer certified by LSTI
      • ISO27005 Risk Manager certified by LSTI


    Prerequisites for attendees

    The "ISO 27005 Risk Manager" course is aimed at anyone wishing to master the ISO 27005 standard or gain ISO 27005 certification. It is also aimed at anyone who needs to run an information risk assessment, particularly on information systems. This training is designed to fit into an Information Security Management System implementation process. It is perfectly suited to CISOs and information security consultants. To follow this course, basic knowledge of computer security is recommended.


    Teaching method

    The teaching method is based on the following five practices:

    • Lecture-based course built on the ISO 27005 standard, with some references to the ISO 27001 standard
    • Good use of the standards and methodologies available
    • Construction of risk assessment tables reusable in any spreadsheet such as Excel
    • Examples and real case studies
    • Practical group and individual exercises
    19011, ISO 27001 and ISO 27002 (formerly ISO 1799) standards, illustrated with real cases examples.
    • Individual exercises to review and prepare for the examination.
    • Practical group and individual exercises, based on real audit cases, with oral presentation.
    • One auditor / auditee role-play.


    Related courses

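    Advanced risk management (Gestion des risques avancée)
    ISO 27001 Lead Auditor

    Security controls management and the ISO 27002 standard (Gestion des mesures de sécurité et norme ISO 27002)
    CISO training (Formation RSSI)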


    Material

    The course is delivered entirely in French, and in French only. Course material includes slides in French, exercises in French, exercise corrections in French, and all other documents, in French or English, necessary for the course. Electronic versions of the Excel files and corrections are delivered on a USB memory key.


    Agenda

    Introduction:

    • Welcome
    • Objectives
    Empirical approach to risk management:
    • Identify an asset, a threat and a vulnerability
    • Identify risk
    • Value risks following the CIA criteria (Confidentiality, Integrity, Availability)
    • Risk treatment
    • Notion of residual risk
    Risk management process and the ISO 27005 standard:
    • Process management
    • Cost integration
    • Awareness-raising among affected parties
    • Communication around the project
    • Lifecycle and continual improvement (PDCA model)
    HSC advice:
    • Common mistakes
    • Tools
    • General advice
    Exam preparation
    Conclusion


    Registration procedure

    To register for an HSC course, please contact our training department by phone: +33 141 409 704 or by email at formations@hsc.fr, with the first and last name of every student, your postal address and your company VAT number. This information enables us to send you the training agreement. The training agreement must be returned, approved with signature and company stamp, together with your purchase order, at least 6 days before the course. The purchase order should specify your billing address and our payment terms: net 30 days from our invoice date. Registration is complete as soon as we have received those two documents.

    Last modified on 9 December 2011 at 10:33:31 CET - webmaster@hsc.fr
    Information on this server - © 1989-2009 Hervé Schauer Consultants