PECB ISO/IEC 27005 Risk Manager (inglise keeles)
Koolituse maht: 32 akadeemilist tundi (4 päeva).
*kellaaegade osas palun esita päring, kuna koolitaja ei pruugi viibida samas ajavööndis.
Koolitust on võimalik läbida ka e-õppe vormis. Vastav info asub SIIN
Sihtgrupp:
- Managers or consultants involved in or responsible for information security in an organization
- Individuals responsible for managing information security risks
- Members of information security teams, IT professionals, and privacy officers
- Individuals responsible for maintaining conformity with the information security requirements of ISO/IEC 27001 in an organization
- Project managers, consultants, or expert advisers seeking to master the management of information security risks
Koolitusel osalemise eeldus: Inglise keele oskus, arvuti kasutamise oskus baastasemel. Kasuks tuleb kogemus infoturbe ja/või riskijuhtimise valdkonnas.
Koolituse kirjeldus
The ISO/IEC 27005 Risk Manager training course enables participants to understand the process of developing, establishing, maintaining, and improving an information security risk management framework based on the guidelines of ISO/IEC 27005.
The ISO/IEC 27005 Risk Manager training course provides valuable information on risk management concepts and principles outlined by ISO/IEC 27005 and also ISO 31000. The training course provides participants with the necessary knowledge and skills to identify, evaluate, analyze, treat, and communicate information security risks based on ISO/IEC 27005. Furthermore, the training course provides an overview of other best risk assessment methods, such as OCTAVE, MEHARI, EBIOS, NIST, CRAMM, and Harmonized TRA.
Educational approach
- The training course is based on the theory and the best practices of information security.
- The training course provides practical examples and scenarios.
- Participants are encouraged to actively participate and engage in discussions and exercises and quizzes.
- Quizzes are similar in structure with the certification exam.
Koolitusele järgneval päeval on võimalik sooritada rahvusvaheline sertifikaadieksam (inglise keeles). Positiivse eksamitulemuse olemasolul ja töökogemuse tingimuste täitmisel on osalejatel võimalik omandada rahvusvaheliselt tunnustatud sertifikaat.
Lisainfot koolituse ja eksami kohta leiad ka SIIT
Teemad:
- Day 1: Introduction to ISO/IEC 27005 and risk management
- Day 2: Risk assessment, risk treatment, and risk communication and consultation based on ISO/IEC 27005
- Day 3: Risk recording and reporting, monitoring and review, and risk assessment methods
Koolituse õpiväljundid
Upon the successful completion of this training course, you will be able to:
- Explain the risk management concepts and principles outlined by ISO/IEC 27005 and ISO 31000
- Establish, maintain, and improve an information security risk management framework based on the guidelines of ISO/IEC 27005
- Apply information security risk management processes based on the guidelines of ISO/IEC 27005
- Plan and establish risk communication and consultation activities
Eksam
The “PECB Certified ISO/IEC 27005 Risk Manager” exam meets all the requirements of the PECB Examination and Certification Program (ECP). It covers the following competency domains:
- Domain 1: Fundamental principles and concepts of information security risk management
- Domain 2: Implementation of an information security risk management program
- Domain 3: Information security risk management framework and processes based on ISO/IEC 27005
- Domain 4: Other information security risk assessment methods
- Certification fees and examination fees are included in the price of the training course.
- Participants of the training course will receive over 350 pages of training materials, containing valuable information and practical examples.
- Participants of the training course will receive an attestation of course completion worth 21 CPD (Continuing Professional Development) credits.
- Participants who have completed the training course and failed to pass the exam, are eligible to retake it once for free within a 12-month period from the initial date of the exam.
Koolitushind sisaldab:
- certification and examination fees are included in the price of the training course;
- participants will be provided with the training course material containing over 450 pages of explanatory information, examples, best practices, exercises, and quizzes;
- an attestation of course completion worth 31 CPD (Continuing Professional Development) credits will be issued to the participants who have attended the training course;
- in case candidates fail the exam, they can retake it within 12 months following the initial attempt for free.
Koolituse lõpetamise tingimused: koolituse lõppedes väljastab koolituskeskus koolituse läbinule tunnistuse või tõendi. Koolituse lõppedes väljastatakse tunnistus, kui on täidetud õppekava mahust vähemalt 80% igast teemast ja teised koolituskavast tulenevad nõuded (nt eksam, arvestus, praktiline töö jms). Tõend täienduskoolituses osalemise või selle läbimise kohta väljastatakse isikule juhul, kui koolituse käigus ei hinnatud õpiväljundite saavutatust või kui isik ei saavutanud kõiki õppekava lõpetamiseks nõutud õpiväljundeid.
Õppekeskkonna kirjeldus: õppekorralduse alused (alapunkt 8)
Täienduskoolituse õppekavarühm: andmebaaside ja võrgu disain ning haldus (0612 ISCED)
Koolitaja
-
Andro Kull
Andro Kull during his career, has worked in both sectors, public and private. In the previous years he has worked for the financial sector with regards to IT and information security, and for the energy sector with regards to IT risks, where security and continuity demands are very high. Kull started his career as IT specialist and IT manager, and has worked extensively as IT auditor and as IT risk manager for one of the largest company in Estonia. At the same time, he founded a small consulting company and managed projects related to IT risk assessment, the implementation of security measures, business continuity planning (BC), planning for recovery (DR), and crisis management mostly in public sector organizations.
The international environment is not new to Andro Kull, since he has participated in the European Central Bank internet payment security working group. Kull has been cooperating with the IT banking supervisors on an international level. Furthermore, he has organized one international conference in Tallinn. In addition, he has worked for European Union DG Connect as advisor connected with IT risk management recommendations development.
Andro Kull holds a PhD degree from the University of Tampere, concentrating on the IT oversight and compliance verification methodologies, and he currently is lecturing IT risk and information security management issues at the University of Tallinn.