ISO 27001: The risk assessment, control selection and risk treatment plan

In this webinar the discussion topics will be related to the risk assessment, control selection and risk treatment plan fordeveloping an Information Security Management system that is capable of accredited certification to ISO/IEC 27001:2005.

Areas Covered in the seminar:

• The requirements of ISO 27001 in respect of risk assessment
• BS7799-3:2005, the risk management standard
• Risk assessment: the core competence of ISMS implementation and maintenance
• Risk appetite and enterprise risk management framework
• Asset identification
• Asset ownership
• Business, legal and contractual requirements in respect of confidentiality, availability and integrity
• Threats
• Vulnerabilities
• Impacts
• Risk matrix
• Risk treatment decisions
• Selecting controls and the Statement of Applicability
• Gap Analysis and acceptance of residual risk
• The risk treatment plan
• Automating the risk assessment process

Who Will Benefit:

• Directors
• General managers
• IT Managers
• Chief Security Officers
• CISOs
• IT Security Managers and Project Managers
• Project Managers
• ITIL and ITSM professionals
• IT Security Professionals
• Quality Managers
• IT Project Managers
• Quality and Security Auditors - worldwide

Instructor Profile:

Alan Calder, , CEO of IT Governance Ltd and a global authority on information security management. He led the world’s first successful implementation of BS 7799 (the original predecessor of ISO 27001) and wrote (with Steve Watkins) the definitive compliance guide for this standard, ‘IT Governance: A Manager’s Guide to Data Security and BS7799/ISO17799’. The 3rd edition of this book is now the textbook for the UK Open University’s postgraduate course on Information Security. A US version of the book has also been recently published, with the title IT Governance: an Executive Guide to ISO 27001/ISO 17799.

Alan’s company, IT Governance Ltd, is a leading global authority on data security and IT governance for business and the public sector. It is the world’s most comprehensive publisher of and distributor for information, advice, guidance, books and tools for Governance, Risk Management and Compliance. It approaches IT security issues from a non-technology background and its customer base includes Europe, North America, India, the Middle East, Colombia, Russia, Japan, Taiwan, Australia and Guam.

Alan’s other books on information security and ISO 27001 include:

• Nine Steps to Success: an ISO 27001 Implementation Overview (ITGP, 2005)
• The Case for ISO 27001 (ITGP, 2005)
• ISO 27001 and ISO 17799: a Management Guide (van Haren, 2006)
• Implementing ISO 27001 and ISO 17799, a Management Guide (van Haren, 2006)
• His new book, Tomorrow’s IT Management System – integrating ITIL, ISO 20000 and ISO 27001, will be published by BSI in 2007

Follow us :