Day 1: Introduction, risk management program according to ISO 27005
Concepts and definitions related to risk management
Risk management standards, frameworks and methodologies
Implementation of an information security risk management program
Understanding an organization and its context
Day 2: Risk identification and assessment, risk evaluation, treatment, acceptance, communication and surveillance according to ISO 27005
Risk identification
Risk analysis and risk evaluation
Risk assessment with a quantitative method
Risk treatment
Risk acceptance and residual risk management
Information security risk communication and consultation
Risk monitoring and review
Day 3: Exam and start of a risk assessment with EBIOS
Certified ISO/IEC 27005 Risk Manager Exam (2 hours)
Presentation of EBIOS
Phase 1 – Context establishment
Phase 2 – Feared security event analysis
Phase 3 – Threat scenarios analysis
Day 4: Completing a risk assessment with EBIOS
Phase 4 – Risk analysis
Phase 5 – Determination of security controls
Risk assessment with EBIOS software
Workshop with case studies
Day 5: Workshop with case studies and EBIOS exam
Workshop with case studies
EBIOS Advanced exam (3 hours)
Taken from PECB <https://pecb.com>