Super User
ISO/IEC 27001 provides requirements for organizations seeking to establish, implement, maintain and continually improve an information security management system. This framework serves as a guideline for continually reviewing the security of your information, which demonstrates reliability and adds value to your organization's services.
Benefits of ISO/IEC 27001 Information Security Management:
- Understanding of the Information Security Management System implementation process.
- Continual prevention and assessment of threats within your organization.
- Higher chances of being distinguished or hired in an Information Security career.
- Understanding of the risk management process, controls, and compliance obligations.
- The necessary expertise to manage a team implementing an ISMS.
- The ability to support organizations in the continual improvement of their Information Security Management System.
- The necessary skills to audit an organization's Information Security Management System.
Risk Assessment Methods
What are Risk Assessment Methods?
Understanding how to effectively assess risk may be a challenge for many industries. The risk assessment methods covered here are OCTAVE, EBIOS, and MEHARI.
OCTAVE – Operationally Critical Threat, Asset, and Vulnerability Evaluation was developed by the Computer Emergency Response Team (CERT) and was funded by the US Department of Defense. This risk assessment method helps organizations prepare strategic security assessments and planning for their information.
EBIOS – Expression des Besoins et Identification des Objectifs de Sécurité was developed by the French Central Information Systems Security Division. The goal of this risk assessment method is to assess and treat risks within an information system (IS), which supports management decision-making and guides stakeholders toward a common basis for discussion.
MEHARI – Méthode Harmonisée d'Analyse de Risques was developed by CLUSIF, a non-profit Information Security organization. The goal of this risk assessment method is mainly to provide guidelines for ISO/IEC 27005 implementation and to analyze scenario-based risk landscapes for short- and long-term security management.
Benefits of Risk Assessment Methods
- To learn the concepts, methods, and practices that allow effective risk management based on ISO 27005.
- To put into practice the requirements of ISO 27001 on information security risk management.
- To develop the skills needed to perform a risk assessment with the OCTAVE, EBIOS, and MEHARI techniques.
- To obtain the ability to effectively guide organizations on the best practices in information security risk management.
- To obtain the ability to effectively implement and manage a continuing information security risk management process.
ISO/IEC 27005 Information Security Risk Management
ISO/IEC 27005 provides guidelines for establishing a systematic approach to Information Security risk management, which is necessary to identify organizational needs regarding information security requirements and to create an effective information security management system. Moreover, this international standard supports ISO/IEC 27001 concepts and is designed to support an efficient implementation of information security based on a risk management approach.
An ISO/IEC 27005 certificate will prove that you have:
- Gained the necessary skills to support an effective implementation of an information security risk management process in an organization.
- Acquired the expertise to responsibly manage an information security risk management process and ensure conformity with legal and regulatory requirements.
- The ability to manage an information security and risk management team.
- The ability to support an organization in aligning its ISMS objectives with its ISRM process objectives.
ISO/IEC 27002 Code of Practice for Information Security Controls
ISO/IEC 27002 is an international standard that gives guidelines for the best Information Security management practices. These management practices will help your organization build confidence in its inter-organizational activities and implement a suitable set of controls, including policies, processes, organizational structures, and software and hardware functions. This standard is a generic document used as a reference for selecting controls during Information Security Management System implementation. ISO/IEC 27002 is intended to be used by all types of organizations, including public and private sectors, commercial and non-profit, and any other organization that faces information security risks.
Benefits of ISO/IEC 27002:
- Understanding of the implementation of Information Security controls by adhering to the framework and principles of ISO/IEC 27002.
- Understanding of the relationship between the components of Information Security controls, including responsibility, strategy, acquisition, performance, conformance and human behavior.
- The necessary skills to support an organization in implementing and managing ongoing Information Security controls based on ISO/IEC 27002.
- The ability to perform periodic risk assessments in an organization.
- The ability to help organizations improve their Information Security posture.
- The ability to draft and implement cost optimization strategies.