Google - Security Frameworks (30 min)

Google - Security Frameworks (30 min)

Google - Security Frameworks (30 min)

Advanced Risk Management

Buy nowLearn more

Course Motivation

0.0 Shifting from technical execution to strategic risk management.

The Strategic Imperative of the Security Function

IBM - Motivation for Risk Analysis in CyberSecurity (11 min)

Google - Security Frameworks (30 min)

Introduction: The Evolution of Security Management

1. Introduction to ISO/IEC 27005 and information security risk management

Introduction: The Evolution of Risk Management Standardisation

International Standardisation: ISO 31000 versus ISO 27005

The ISO Risk Management and other frameworks

The Psychology of Risk Perception and Decision-Making

The ISO 31000 Architecture: Principles, Framework, and Process

Review of Risk Assessment Methodologies (IEC 31010)

Scope, Context, and Criteria

Leadership, Governance, and Corporate Commitment

Quiz01 - Risk Management [Day01]

2. Information Security Risk Identification, Assessment, and Treatment (ISO/IEC 27005)

Delayed 1 day

Identification and description of information security risks

Identification of risk owners

Assessment of potential consequences

Determination of risk levels

Comparison of risk analysis results with established risk management criteria

Risk prioritization

Determination of required controls for risk treatment

Risk treatment plan

Quiz02 - Risk Identification, Assessment and Treatment [day2]

3 - Risk Acceptance, Communication, Monitoring and Review

Delayed 2 days

Key Take aways (Module 01 - Module 02)

Quiz03 - Recap - Session 1 & 2

Communication and Consultation of Results

Documentation of the Risk Analysis Process

Documentation of Results

Monitoring of Risk-Generating Factors

Deep Dive: Navigating Complexity with ISO/TS 31050 and the Risk Intelligence Cycle

Future-Looking Challenges for Risk Management and ISO/IEC 27005

4 - Risk Assessment Methodologies

Delayed 3 days

The Methodological Shift: Transcending Traditional Frameworks

Technique 1: STRIDE for Cloud and PaaS Architectures

Technique 2: Subjective Evaluation of Opaque AI Risks

FMEA, Red Teaming, and Risk Register Integration

Risk Monitoring Processes

Part B: Procedure to Execute an FMEA Analysis

05 - ISO 27005 Risk Assessment Using FMEA

Delayed 4 days

Process Overview - Lab: AI and Cloud Services

Quiz - Simulation exam

Quiz - summary