Live online training via webinar
Risk Management Part 2: Risk treatment process, Statement of Applicability and Risk Treatment Plan
Risk treatment is the second part of the risk management, right after the risk assessment process – the purpose of risk treatment is, once you know where the risks are, to define how to control those risks.
During risk treatment the controls from ISO 27001 Annex A are usually selected as a means to decrease risk – while doing it, it is very important to balance between decreasing the risks and the cost of controls, because you may end up investing too much in a certain control while you may have had a cheaper alternative.
Statement of Applicability is the key document listing all the controls from Annex A – not only does it define which controls will be used, but it also defines what should those controls achieve, why they were selected etc. This document serves as the starting point for the implementation process of the controls.
Register for this webinar to learn:
- The requirements of ISO 27001 for risk treatment
- Where does risk treatment fit in information security management and PDCA cycle
- The purpose of Annex A controls
- How can ISO 27005 help you
- How to implement the risk treatment process in your organization and how to define the roles
- How to draw up the Statement of Applicability suited to your organization
- How to develop the Risk Treatment Plan for the implementation of the controls
- How to fill in the Risk Assessment Report
- How to accept residual risks
"Dejan is clearly a subject matter expert on Risk Analysis and Risk Management. His trainings are well designed and superbly and professionally delivered using the GoToTraining platform."
Bob Chaput, CEO at Clearwater Compliance LLC
Presented by: Dejan Kosutic
|Dejan Kosutic is the author of documentation toolkits and E-learning tutorials at Information Security & Business Continuity Academy. He has extensive working experience both as a tutor and as a consultant – he is an Approved Tutor for ISMS Lead Auditor courses at SGS, and delivers various ISO 27001 and ISO 22301/BS 25999-2 in-person courses throughout Europe, as well as online courses via webinars. In his consulting career, he works with clients from the financial sector, government, and small and medium-sized businesses including IT companies.
He has an MBA from Henley Management College, and is the holder of the following certificates: Certified Management Consultant, ISO/IEC 27001 Lead Auditor, Associate Business Continuity Professional, and ISO 9001 Lead Auditor.
IS&BCA live online trainings: The knowledge you can apply right away.