Leader in the cybersecurity training sector.

PECB CERTIFIED ISO/IEC 27005 WITH MEHARI

Satisfaction rate: 4.5
Success rate: 5

MASTER THE ASSESSMENT AND OPTIMUM MANAGEMENT OF INFORMATION SECURITY RISK, IN COMPLIANCE WITH ISO/IEC 27005, USING THE MEHARI METHOD

The target audience for training

  • Risk managers
  • Those responsible for information security or compliance within an organisation
  • Members of an information security team 
  • IT consultants
  • Staff responsible for implementing or wishing to comply with the ISO/IEC 27001 standard or involved in a risk management programme that complies with the MEHARI method.

What you will learn

During this intensive five-day course, participants will develop the skills to master the fundamentals of risk management for all relevant information security assets, using the ISO/IEC 27005:2011 standard as a reference framework and the MEHARI method. The MEHARI method was developed by the "Club de la Sécurité des Systèmes d'Information Français" (CLUSIF) in France. Through practical exercises and case studies, participants will acquire the knowledge and skills needed to carry out an optimal information security risk assessment and to manage risks in a timely manner, by familiarising themselves with their lifecycle.

This training is perfectly aligned with the process of implementing the ISO/IEC 27001:2005 framework.

Training programme

  • Risk management concepts and definitions
  • Risk management standards, frameworks and methodologies
  • Implementation of an information security risk management programme
  • Understanding the organisation and its context
  • Risk identification 
  • Risk analysis and assessment
  • Quantitative risk assessment
  • Risk treatment
  • Risk acceptance and residual risk management
  • Information security risk communication and consultation
  • Risk monitoring and review
  • Certified ISO/IEC 27005 Risk Manager exam (2 hours)
  • Presentation of the MEHARI method
  • Assessing and classifying problems
  • Process overview
  • The value chain for failures
  • Classification of resources
  • Vulnerability assessment
  • Qualities of the security service
  • Measuring the quality of a security service
  • Assessment process
  • Risk assessment
  • Security plan and procedures
  • Tools to support the implementation of the MEHARI method
  • "MEHARI advanced" exam (2 hours)

PECB Examination and Certification Program (ECP). The examinations cover the following areas of competence:

  • Area 1: Fundamental concepts, approaches, methods and techniques of information security risk management
  • Area 2: Implementation of an information security risk management programme
  • Area 3: ISO/IEC 27005-compliant information security risk assessment
  • Area 4: Treatment of information security risks in accordance with MEHARI.
  • Area 5: Information security risk communication, monitoring and improvement in accordance with MEHARI

 

The "PECB Certified ISO/IEC 27005 Risk Manager" and "MEHARI" examinations are available in several languages.
(For information on the languages of the exam, please contact examination@pecb.com.)

Duration: The ISO/IEC 27005 Risk Manager and MEHARI examinations last 2 hours.

Training objectives

  • Understand the concepts, approaches, methods and techniques for effective risk management in accordance with ISO/IEC 27005
  • Interpret the requirements of ISO/IEC 27001 for information security management
  • Acquire the skills needed to carry out a risk assessment using the MEHARI method
  • Master the steps involved in conducting a risk assessment using the MEHARI method
  • Understand the relationship between information security risk management, security measures and compliance with other requirements of different stakeholders in an organisation
  • Acquire the skills needed to implement, maintain and manage an information security risk management programme in accordance with the ISO/IEC 27005 standard
  • Acquire the skills to advise organisations effectively on best practice in information security risk management

Training prerequisites

  • Knowledge of the fundamental principles of cybersecurity.
  • Understanding of the basic concepts of information systems.
  • Professional experience in the field of information security is a plus, although not compulsory.
  • Familiarity with ISO/IEC 27001 and ISO/IEC 27005 is useful, but not essential.


Important information:

Our courses are not registered with the Répertoire National des Certifications Professionnelles (RNCP), but they do comply with the requirements of the Répertoire Spécifique (RS).
