The fourth course in the PCA program is PECB ISO/IEC 27005 Foundations. ISO/IEC 27005 provides guidelines for the establishment of a systematic approach to Information Security risk management which is necessary to identify organizational needs regarding information security requirements and to create an effective information security management system. Moreover, this international standard supports ISO/IEC 27001 concepts and is designed to assist an efficient implementation of information security based on a risk management approach.
By attending this certification course, participants will learn more about the structure of the standard including information security risk assessment, treatment, acceptance, communication and consultation, and monitoring and review. They will also gain basic knowledge related to information security risk management based on other standards such as ISO/IEC 27001 and ISO 31000.
- Understand the basic concepts of information security risk management
- Acknowledge the correlation between ISO/IEC 27005, ISO 31000, ISO/IEC 27001, and other standards and regulatory frameworks
- Understand the approaches, methods, and techniques used for the management of information security risks
- This training course includes essay-type exercises, multiple-choice quizzes, examples and best practices used in information security risk management.
- The participants are encouraged to intercommunicate and engage in discussion and the completion of quizzes and exercises.
- Quizzes are similar to the certification exam.