Free webinar – The basics of risk assessment and treatment according to ISO 27001

Register for this webinar to learn:

  • The purpose of risk management
  • Risk identification – assets, threats and vulnerabilities
  • Risk analysis – how to assess impact and likelihood
  • Risk treatment – the 4 options
  • The process of risk management – from Risk assessment methodology to Risk treatment plan

 

Upcoming Dates/Times:

Wednesday – November 19, 2014 

8:00 AM Los Angeles time /
11:00 AM New York time /
4:00 PM (16:00) London time /
5:00 PM (17:00) Brussels time /
9:30 PM (21:30) Mumbai time

Duration: 1 hour

Can’t wait for the next live webinar? Watch the recording here.

 

What You Receive:

  • Training delivered by Dejan Kosutic, one of the leading experts for ISO 27001 / ISO 22301
  • Download of presentation deck
  • Access to webinar recording

 

Target Audience:

This training is designed for professionals with little experience in information security risk management, including:

  • Chief Security Officers (CSOs)
  • Chief Information Security Officers (CISOs)
  • Risk managers
  • Compliance managers
  • Chief Information Officers (CIOs)
  • ISO 27001/information security consultants
  • ISO 27001/IT auditors
  • Members of top management responsible for information security
  • All information security practitioners

 

About the training:

This interactive live online training (via webinar) is designed to enable you to walk away with knowledge of the basic building blocks of risk assessment and treatment compliant with ISO 27001. This course offers compelling content, a downloadable presentation deck and live engagement with an expert consultant with whom you can discuss how to resolve your specific implementation issues. You will experience the training right from your desk, eliminating travel costs and minimizing lost time away from your office.

 


Why are risk assessment and risk treatment important?

 

Implementation of information security safeguards (also called security controls) usually involves a lot of changes in an organization – changes in technology, processes, responsibilities, etc. The problem is that most companies make these changes in a non-systematic way – they do it because they want to fix some immediate problem, or because some new technology has arrived.

But this kind of approach brings two key problems: (1) it is very likely that many potential problems (i.e., risks) will not be addressed because the employees are simply not aware of them, and (2) the scope of changes will probably not be appropriate to the level of risk – very often the controls are either too big or too small; the effect is that they either cost too much or don’t offer enough protection.

The solution to these issues is to perform an analysis before doing any implementation of controls – and this is what risk assessment is about. The purpose of risk assessment is to identify where the potential problems are, and then systematically mitigate those risks through the risk treatment process.