ISO 27005 Risk Manager

Mestring av risikovurdering og optimal risikostyring med ISO 27005 standarden og metoden OCTAVE.Dette intensive kurset lærer deg å mestre de grunnleggende elementene innen risikoanalyse og risikostyring relatert til alle verdier som er relevant i forhold til informasjonssikkerhet.

Gjennom praktiske øvelser og case studies vil du tilegne deg nødvendig kunnskap og lære metodene for å gjennomføre en risikovurdering av informasjonssikkerhet på en optimal måte. Dette kurset passer perfekt inn i rammeverket for prosessen med implementering av et styringssystem ihht ISO 27001.Kurset kan velges i ulike moduler med ulik varighet (se beskrivelse nedenfor), avhengig av om du også ønsker å lære deg å bruke metoden OCTAVE med ISO 27005 standarden som rammeverk. OCTAVE metoden er utviklet av CERT.

Kurset kan tas i ulike modulvarianter:

  • Modul 1: 2 dagers ISO 27005 Risk Manager - med kurs mandag og tirsdag, og 2-timers eksamen på fredag samme uken.
  • Modul 2: 2 dagers kurs - onsdag og torsdag - OCTAVE
  • Modul 3: 5 dagers kurs hvor en kombinerer modul 1 og 3

 

Kursets dag 3 og 4 (modul 2) tar utgangspunkt i OCTAVE metoden med ISO 27005 standarden som rammeverk. OCTAVE metoden er utviklet av CERT.

 

Mål med kurset

ISO 27005 Risk Manager (Modul 1)

Etter fullført kurs vil du kunne:

  • Forstå konsepter, fremgangsmåter, metoder og teknikker for effektiv risikostyring iht. ISO 27005
  •  Tolke kravene i ISO 27001 i forhold til risikostyring
  •  Utvikle nødvendig kunnskap for å gjennomføre risikovurdering med OCTAVE metoden
  •  Beherske de enkelte stegene i prosessen for risikovurdering med OCTAVE metoden
  •  Forstå forholdet mellom risikostyring, kontroller og etterlevelse av standarder ihht krav i virksomheten
  •  Implementere, vedlikeholde og styre et aktivt risikostyringsprogram ihht ISO 27005
  •  Ha kompetanse til å gi effektiv rådgivning på best praksis for risikostyring innen informasjonssikkerhet.

OCTAVE (Modul 2)

Tar du også OCTAVE delen lærer du også å:

  • Utvikle nødvendig kunnskap for å gjennomføre risikovurderinger med OCTAVE metoden
  • Beherske de enkelte stegene i prosessen for risikovurdering med OCTAVE metoden

Tas kurset med modul 2 går det over 5 dager med avsluttende eksamen siste dag. Kurset gir CPE poeng.

Hovedemner

ISO 27005 Risk Manager (Modul 1)

  • Introduksjon, program for risikostyring, risikoidentifisering og vurdering ihht ISO 27005
  • Risikovurdering, behandling, kommunikasjon og overvåking ihht ISO 27005
  • Implementering, tilpasning, tilnærming og konklusjon

OCTAVE (Modul 2)

  • Oppstart av risikovurdering med OCTAVE, oversikt over prosessene.
    • Vurdering av sårbarheter og risiko ihht OCTAVE

Målgruppe for kurset

      • Deg som er ansvarlig for risikostyring i virksomheten
      • Deg som er ansvarlig for informasjonssikkerhet
      • Medlemmer i sikkerhetsteam
      • IT konsulenter med fokus på sikkerhet
      • Deltagere i prosjekt for implementering av styringssystem ihht ISO 27001

Kursmateriell

Kursavgiften inkluderer dokumentasjon, kursbevis, eksamensavgift (gjeler ikke modul 2), lunsj, kaffe/te.

Eksamen/ sertifisering

Eksamen varer 2 timer og avholdes siste kursdag fra kl. 9- 11.

 

Informasjon

Personlig informasjon

Adresseinformasjon

Ytterlig informasjon

Betingelser og vilkår

This notice explains how Combitech, collects, uses, discloses, transfers and stores and personal data relating to you, such as your name, address, etc. (“Personal data”)

Why do we collect your Personal Data

The purpose of Combitech´s processing of your Personal Data in relation to the course is (i) to be able to handle the administration around the course, (ii) to facilitate current and/or future engagements between Combitech and you or your employer (iii) and to update you about other upcoming courses.

What Personal Data do we collect from you and what do we do with it? 

The Personal Data collected by Combitech includes name, address, email address, telephone/mobile phone number, and food preferences. This Personal Data will be registered in Combitech’s Event Management System.  We also collect social security number (or for if you don’t have a Swedish social security number - citizenship and passport number) for access to the location where the event is held.

What is Combitech’s legal basis for the processing of your Personal Data?

Combitech’s processing of your Personal Data in our Event Management Systems is based on legal contract between you and Combitech. When registering, you are entering into a legal binding contract with Combitech. 

Combitech’s processing of your Personal Data in our Event Management Systems is also based on the legitimate interests pursued by Combitech. 

This means that Combitech is of the view that its interest in processing your Personal Data for the purposes listed above prevails the privacy violation that you are exposed to as a result of the processing. This conclusion from our balance of interest test is made especially due to the fact that (i) it is crucial for Combitech to process contact information to a representative of Combitech’s customers to facilitate our customer engagements; (ii) that the processing of your Personal Data is limited to the extent possible; and (iii) that you at any time may choose to opt-out from receiving communication from Combitech.

Legal basis for collecting social security number is for Combitech to fulfil a legal obligation when giving you access to the location for this event.

Who might we share your Personal Data with? 

Your Personal Data will be used by Combitech. Combitech will also share your Personal Data with suppliers and partners that carry out services on Combitech’s behalf such as different course responsibles.

How long do we keep your Personal Data? 

Combitech will store your Personal Data for a period of two years after your and/or your employer’s most recent interaction with Combitech. Combitech may, instead of destroying or erasing your Personal Data, make it anonymous such that it cannot be associated with or tracked back to you in any way. Personal data collected to fulfil a legal obligation will be stored for the envisaged time. 

What are your rights? 

If your Personal Data are incorrect or needs to be updated you may at any time request that we correct or update the Personal Data by contacting the controller (please find contact details below). You may also contact us if you no longer would like us to process your Personal Data, if you would prefer us to restrict our processing in any manner or if you no longer wish to receive information about Combitech’s products (We still need to process your personal data if you want to go one of our courses. If you don´t want us to process your personal data in relation to the course, you need to unregister from the course). We will then delete your Personal Data from our systems or restrict our processing of your Personal Data. [Please note however, that an erasure of your Personal Data or a restriction of our processing of your Personal Data may mean that we will not be able to provide our services to you, wholly or partially]. In addition, you may receive a copy of the Personal Data relating to you and information regarding our processing of such personal data by applying to the controller in writing. In such case, we will provide your Personal Data to you in a commonly used data format. 

If you have any queries regarding the processing of your Personal Data or wish to exercise any of the rights stated above, please write to the controller at the address provided below.  You have the right to lodge a complaint regarding how Combitech processes your Personal Data to the relevant data protection authority or similar body within your jurisdiction. 

How can you contact the controller and exercise your rights?

The controller for any Personal Data we hold about you is Combitech AB, corporate identity 556218-6790, Universitetsvägen 14, P.O Box 15042, SE-580 15 Linköping, Sweden. You can contact the controller at the following contact information: info@combitech.se Combitech is a company in the Saab Group.

Informasjon

Personlig informasjon

Adresseinformasjon

Ytterlig informasjon

Betingelser og vilkår

This notice explains how Combitech, collects, uses, discloses, transfers and stores and personal data relating to you, such as your name, address, etc. (“Personal data”)

Why do we collect your Personal Data

The purpose of Combitech´s processing of your Personal Data in relation to the course is (i) to be able to handle the administration around the course, (ii) to facilitate current and/or future engagements between Combitech and you or your employer (iii) and to update you about other upcoming courses.

What Personal Data do we collect from you and what do we do with it? 

The Personal Data collected by Combitech includes name, address, email address, telephone/mobile phone number, and food preferences. This Personal Data will be registered in Combitech’s Event Management System.  We also collect social security number (or for if you don’t have a Swedish social security number - citizenship and passport number) for access to the location where the event is held.

What is Combitech’s legal basis for the processing of your Personal Data?

Combitech’s processing of your Personal Data in our Event Management Systems is based on legal contract between you and Combitech. When registering, you are entering into a legal binding contract with Combitech. 

Combitech’s processing of your Personal Data in our Event Management Systems is also based on the legitimate interests pursued by Combitech. 

This means that Combitech is of the view that its interest in processing your Personal Data for the purposes listed above prevails the privacy violation that you are exposed to as a result of the processing. This conclusion from our balance of interest test is made especially due to the fact that (i) it is crucial for Combitech to process contact information to a representative of Combitech’s customers to facilitate our customer engagements; (ii) that the processing of your Personal Data is limited to the extent possible; and (iii) that you at any time may choose to opt-out from receiving communication from Combitech.

Legal basis for collecting social security number is for Combitech to fulfil a legal obligation when giving you access to the location for this event.

Who might we share your Personal Data with? 

Your Personal Data will be used by Combitech. Combitech will also share your Personal Data with suppliers and partners that carry out services on Combitech’s behalf such as different course responsibles.

How long do we keep your Personal Data? 

Combitech will store your Personal Data for a period of two years after your and/or your employer’s most recent interaction with Combitech. Combitech may, instead of destroying or erasing your Personal Data, make it anonymous such that it cannot be associated with or tracked back to you in any way. Personal data collected to fulfil a legal obligation will be stored for the envisaged time. 

What are your rights? 

If your Personal Data are incorrect or needs to be updated you may at any time request that we correct or update the Personal Data by contacting the controller (please find contact details below). You may also contact us if you no longer would like us to process your Personal Data, if you would prefer us to restrict our processing in any manner or if you no longer wish to receive information about Combitech’s products (We still need to process your personal data if you want to go one of our courses. If you don´t want us to process your personal data in relation to the course, you need to unregister from the course). We will then delete your Personal Data from our systems or restrict our processing of your Personal Data. [Please note however, that an erasure of your Personal Data or a restriction of our processing of your Personal Data may mean that we will not be able to provide our services to you, wholly or partially]. In addition, you may receive a copy of the Personal Data relating to you and information regarding our processing of such personal data by applying to the controller in writing. In such case, we will provide your Personal Data to you in a commonly used data format. 

If you have any queries regarding the processing of your Personal Data or wish to exercise any of the rights stated above, please write to the controller at the address provided below.  You have the right to lodge a complaint regarding how Combitech processes your Personal Data to the relevant data protection authority or similar body within your jurisdiction. 

How can you contact the controller and exercise your rights?

The controller for any Personal Data we hold about you is Combitech AB, corporate identity 556218-6790, Universitetsvägen 14, P.O Box 15042, SE-580 15 Linköping, Sweden. You can contact the controller at the following contact information: info@combitech.se Combitech is a company in the Saab Group.