Information and supporting processes, systems and networks are important assets for many organizations. These assets are often exposed to a number of threats, as a result of which organizations run certain risks. This is because an organization may suffer serious consequences when a threat occurs. Think for example of loss of revenue, deteriorated competitiveness or reputation damage. Making and keeping these risks transparent is essential to guarantee the availability, integrity and confidentiality of information. Risk assessment is an important tool for doing this.
“A healthy and sensible consideration must be made between the risks, the measures to limit the likelihood of events and/or the impact of these events and the organisational interest.”
One of the most important parts of the information security policy of many organizations is the periodic execution of a risk assessment. Risks must be identified and, if necessary, measures must be taken to manage these risks. For the successful execution of a risk assessment it is not only necessary that the person who accompanies the assessment has the necessary knowledge of information security but also possesses the necessary skills.
In this training not only attention is paid to the necessary knowledge. The main focus is on the skills needed a practical approach with various stakeholders to define acceptable risk assessments and appropriate measures. The basis for the training is ISO 27005.
Benefits of the training Risk assesment:
- Use ISO 27005 as the basis for risk assessment.
- Learn to identify information security risks in a practical way.
- Learn how to select applicable measures.