(Click the image to access the webinar recording and the presentation deck)
Why are risk assessment and risk treatment important?
Implementation of information security usually includes a lot of changes in an organization – changes in technology, processes, responsibilities, etc. The problem is that most of the companies make these changes (they are normally called security controls or safeguards) in a non-systematic way – they do it because they wanted to fix some immediate problem, or because some new technology has arrived.
But this kind of approach brings two key problems: (1) it is very likely that many potential problems (i.e. risks) will not be addressed because the employees are simply not aware of them, and (2) the scope of changes will probably not be appropriate to the level of risk – very often the controls are either too big, or too small; the effect is that they either cost too much or that they don’t offer enough protection.
The solution to these problems is to perform an analysis before doing any implementation of controls – this is called risk management, which consists primarily of risk assessment and risk treatment. The purpose of risk management is to identify where the potential problems are, and then systematically mitigate those risks.
Register for this webinar to learn:
- The purpose of risk management
- Risk identification – assets, threats and vulnerabilities
- Risk analysis – how to assess impact and likelihood
- Risk treatment – the 4 options
- The process of risk management – from Risk assessment methodology to Risk treatment plan
About the training
This interactive live online training (via webinar) is designed to enable you to walk away with the knowledge of the basic building elements of risk assessment and treatment compliant with ISO 27001. This course offers compelling content, downloadable presentation deck and live engagement with an expert consultant with whom you can discuss how to resolve your specific implementation issues. You will experience the training right from your desk, eliminating travel costs and minimizing lost time away from your office.
The attendees must have a broadband Internet connection, and a computer with a headset or loudspeakers.
"Dejan is clearly a subject matter expert on Risk Analysis and Risk Management. His trainings are well designed and superbly and professionally delivered using the GoToTraining platform."
Bob Chaput, CEO at Clearwater Compliance LLC
Presented by:Dejan Kosutic
|Dejan Kosutic is the author of documentation toolkits at 27001Academy. He has long working experience both as tutor and as a consultant – he is Approved Tutor for ISMS Lead Auditor courses at SGS, and delivers various ISO 27001 and ISO 22301/BS 25999-2 in-person courses throughout Europe, as well as online courses via webinars. In his consulting career, he works with clients from the financial sector, government, and small and medium sized businesses including IT companies.
He has an MBA from Henley Management College, and is the holder of the following certificates: Certified Management Consultant, ISO/IEC 27001 Lead Auditor, Associate Business Continuity Professional, and ISO 9001 Lead Auditor.
27001Academy live online trainings: The knowledge you can apply right away.