This training presents the principles and best practices of risk management according to ISO/IEC 27005, as well as the procedure for the practical implementation of a sustainable risk analysis approach in a company following this methodology. Additional standards for DPIA are also covered. The general principles from ISO 31000, 31004 and 31010 and from ISO/IEC 29134 are introduced first and then applied to the specific risks related to information. The set of processes and requirements of ISO/IEC 27005 is detailed and illustrated by presenting analysis methodologies through concrete case studies. Using two different methods, TRICK Service and MONARC, the course provides introductory training and tackles many practical aspects of applying risk management. This training includes 2.5 days of classroom lessons and 0.5 day for an optional exam.
* Data Protection Impact Assessment (DPIA)