
Coursera

Information Security Risk Management for ISO 27001/ISO 27002

Packt via Coursera

Overview

In this course, you will gain essential skills in managing information security risks within the ISO 27001/27002 framework. Focused on risk assessment and control selection, this course will enable you to implement effective risk management strategies to protect sensitive data. You will learn how to assess, mitigate, and manage information security risks using the ISO 27001/27002 standards. By the end, you'll have the tools to improve organizational security and ensure compliance with international standards.

What sets this course apart is its practical approach, combining theoretical frameworks with real-world scenarios for immediate application in your workplace. This makes it ideal for professionals working in cybersecurity and risk management. This course is designed for IT security professionals, compliance officers, and project managers with a basic understanding of information security. Prior knowledge of ISO 27001 or ISO 27002 is recommended but not required.

Copyright © IT Governance Ltd, 2007, 2010, 2019. The authors, Alan Calder and Steve G Watkins, have asserted their rights under the Copyright, Designs and Patents Act, 1988 to be identified as the authors of this work. Every possible effort has been made to ensure that the information contained in this course is accurate at the time of going to press, and the publisher and the author cannot accept responsibility for any errors or omissions, however caused. Any opinions expressed in this book are those of the author, not the publisher. Websites identified are for reference only, not endorsement, and any website visits are at the reader's own risk. No responsibility for loss or damage occasioned to any person acting, or refraining from action, as a result of the material in this publication can be accepted by the publisher or the author.

Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form, or by any means, with the prior permission in writing of the publisher or, in the case of reprographic reproduction, in accordance with the terms of licences issued by the Copyright Licensing Agency. Enquiries concerning reproduction outside those terms should be sent to the publisher at the following address: IT Governance Publishing Ltd, Unit 3, Clive Court, Bartholomew's Walk, Cambridgeshire Business Park, Ely, Cambridgeshire CB7 4EA, United Kingdom, www.itgovernancepublishing.co.uk

Syllabus

  • Risk Management
    • In this section, we examine risk definitions from NIST and ISO 27000, focusing on impact, likelihood, and alignment with organizational objectives for effective information security management.
  • Risk Assessment Methodologies
    • In this section, we examine ISO 27001-compliant risk assessment methodologies, comparing qualitative and quantitative approaches to evaluate and manage information security risks effectively.
  • Risk Management Objectives
    • In this section, we cover risk assessment approaches and aligning risk strategies with organisational goals.
  • Roles and Responsibilities
    • In this section, we examine role definitions for risk management, focusing on ISO 27001 and ISO 27005 compliance to ensure clear responsibilities and authorities for information security tasks.
  • Risk Assessment Software
    • In this section, we explain how to choose risk assessment tools that support ISO 27001 compliance and streamline ISMS processes.
  • Information Security Policy and Scoping
    • In this section, we examine how information security policy and scope establish the framework for ISMS implementation, guiding risk assessment and aligning security activities with organizational objectives.
  • The ISO 27001 Risk Assessment
    • In this section, we examine the mandatory ISO 27001 risk assessment steps, compare them with codes like ISO 27002, and explore how to apply supplementary guidance for effective ISMS implementation.
  • Information Assets
    • In this section, we examine the identification and classification of information assets for risk assessment, focusing on sensitivity, ownership, dependencies, and control mapping within the ISMS scope.
  • Threats and Vulnerabilities
    • In this section, we explore threats and vulnerabilities, emphasizing their combined impact on information security. Understanding their relationship is critical for effective risk management.
  • Scenario-Based Risk Assessment
    • In this section, we compare asset-based and scenario-based risk methods, identify security-impacting scenarios, and assess event consequences using ISO 27000 definitions for effective risk management.
  • Impact Including Asset Valuation
    • In this section, we examine how to evaluate risk impacts on asset confidentiality, integrity, and availability, and categorize losses based on business, legal, and contractual factors for effective control prioritization.
  • Likelihood
    • In this section, we examine vulnerability exploitation likelihood, assess threat impact through defined scenarios, and align risk responses with organizational risk appetite for effective decision-making.
  • Risk Level
    • In this section, we examine how to calculate risk levels using impact and likelihood, categorize risks into low, medium, or high, and define thresholds for organizational risk management.
  • Risk Treatment and the Selection of Controls
    • In this section, we cover the four risk treatment options (avoid, retain, modify, and share) based on ISO 27001 guidelines.
  • The Statement of Applicability
    • In this section, we examine the Statement of Applicability (SoA) and its role in documenting control selections and justifications within an ISMS. Key concepts include risk treatment planning and control implementation mapping.
  • The Gap Analysis and Risk Treatment Plan
    • In this section, we examine gap analysis and risk treatment planning for ISO 27001 controls, focusing on prioritising implementation based on risk levels and systematically addressing threats to critical systems.
  • Repeating and Reviewing the Risk Assessment
    • In this section, we examine the importance of continuous risk assessment reviews to maintain ISMS effectiveness, focusing on triggers, control evaluation, and alignment with evolving threats and compliance requirements.

Taught by

Packt - Course Instructors
