ISO 27005 Training - Canada

ISO 27005 Foundation Course Outline

ISO 27005 Foundation is a one-day course. During this course, the delegates will be able to learn about various methods and techniques for mitigation associated with information in compliance with the standard.

The following modules are taught during this course:

Module 1: Introduction to ISO 27005 Standard

• Core concepts, key definitions and background
• Quality Management System (QMS)
• Role and importance
• Understanding the situation in an organisation
• Reviewing and monitoring
• Octave method
• EBIOS method
• MEHARI
• Harmonised Tra method

Module 2: Interaction With Other ISOs

• How ISO 27005 interacts with ISO 9001
• How ISO 27005 interacts with ISO 27001
• Quantifying the business impact
• Impact severity

ISO 27005 Internal Auditor Course Outline

The following subjects will be taught during this course:

Module 1: Introduction to ISO 27005 Standard

• Core concepts, key definitions and background
• Quality Management System (QMS)
• Role and importance
• Understanding the situation in an organisation
• Reviewing and monitoring
• Octave method
• EBIOS method
• MEHARI
• Harmonised Tra method

Module 2: Interaction With Other ISOs

• How ISO 27005 interacts with ISO 9001
• How ISO 27005 interacts with ISO 27001
• Quantifying the business impact
• Impact severity

Module 3: Planning Individual Internal Audits

• Internal audit approach
• Risk assurance mapping
• Audit plan
• Research the audit area
• Conduct process walk-throughs
• Map risks to the organisation, process, or function
• Obtain data prior to fieldwork

Module 4: Conducting the Internal Audit and Handling the Interview Process

• Decide what you want to achieve
• Identify risks and review objectives
• Plan and audit activities
• Validate the facts and complete the work
• Develop a deliverable or report that will drive action
• Follow up

Module 5: Understanding Quality Management Principles in an Internal Audit

Module 6: Preparation of an ISO 27005 Audit

Module 7: Conducting an ISO 27005 Audit

Module 8: Closing an ISO 27005 Audit

Module 9: Managing an ISO 27005 Audit Program

ISO 27005 Lead Implementer​ ​Course Outline

This course will cover the following topics:

Module 1: Introduction to ISO 27005 Standard

• Core concepts, key definitions and background
• Quality Management System (QMS)
• Role and importance
• Understanding the situation in an organisation
• Reviewing and monitoring
• Octave method
• EBIOS method
• MEHARI
• Harmonised Tra method

Module 2: Interaction With Other ISOs

• How ISO 27005 interacts with ISO 9001
• How ISO 27005 interacts with ISO 27001
• Quantifying the business impact
• Impact severity

Module 3: Planning Individual Internal Audits

• Internal audit approach
• Risk assurance mapping
• Audit plan
• Research the audit area
• Conduct process walk-throughs
• Map risks to the organisation, process, or function
• Obtain data prior to fieldwork

Module 4: Conducting the Internal Audit and Handling the Interview Process

• Decide what you want to achieve
• Identify risks and review objectives
• Plan and audit activities
• Validate the facts and complete the work
• Develop a deliverable or report that will drive action
• Follow up

Module 5: Understanding Quality Management Principles in an Internal Audit

Module 6: Preparation of an ISO 27005 Audit

Module 7: Conducting an ISO 27005 Audit

Module 8: Closing an ISO 27005 Audit

Module 9: Managing an ISO 27005 Audit Program

Module 9: Managing an ISO 27005 Audit Program

Module 10: Key Concepts, Terminology and Definitions for Lead Implementer

Module 11: Introduction to Risk Management

• Monitoring and reviewing potential risks
• Risk management methodologies
• Information Security risk management framework and process model
• Information assets classification, identification and threats
• Threat vulnerabilities
  • Controls
  • Controlling vulnerabilities
  • Vulnerability categories
  • Vulnerability sources
  • The consequences of vulnerabilities
  • Incident scenarios
• Types of vulnerabilities
• Methods for risk assessment
• Scales and simple calculations
• Acceptance strategies
• Improvement of risk assessment and risk management
• Implementation of risk management programs
• Risk communication and consultation
  • Communicating risk – an overview
  • The six principles of risk communication
  • Accurate communication
  • Risk communication procedures

Module 12: Risk Identification and Analysis

• Risk analysis and scoring
• Risk identification
• Risk estimation
• Risk estimation methodologies
• Risk estimation components
• Risk assessment techniques
• Assumptions analysis
• Checklist analysis
• SWOT analysis
• Prompt lists
• Interviewing and brainstorming

Module 13: Role and Responsibilities of a Risk Manager

• Risk acceptance and making changes accordingly
• About information security
• Types of risks and associated threats
• Security controls and measures
• Scope and boundaries of process
• Understand the organisation
• Know about constraints that affect an organisation
• Impact of risks
• Handling the information security risk management team
• Train and make employees aware of risks

Module 14: Identifying, Evaluating and Treating Risks Specified in ISO 27005

• Risk treatment
• Mitigating control measures
• Risk analysis tools & evaluation