Description
PROGRAM OVERVIEW:
With the rapid evolution of the digital landscape, information security has become a top priority for organizations across all sectors today.
As cyber threats become increasingly sophisticated and frequent, the impact of a security incident can be enormous, ranging from data breaches and financial loss to reputational damage.
Organizations must proactively protect their information assets against such threats and ensure resilience. One of the most effective approaches adopted in this pursuit is the Information Security Risk Assessment (ISRA).
An ISRA is a comprehensive process that organizations use to identify, assess, and mitigate security risks that compromise the confidentiality, integrity, and availability of their information. A systematic analysis of potential threats, weaknesses, and the potential impact of incidents provides an organization with a clear view of its security posture, enabling the prioritization of risks based on severity.
This view lets the organization implement focused security actions, which may involve advanced cybersecurity tools, staff training, or system updates. These actions can significantly bolster defenses against cyberattacks, human errors, and other related risks. A well-designed ISRA ultimately protects all critical systems and data, fostering greater resilience in an increasingly connected digital world that remains vulnerable.
Cybercrime is projected to cost the world $10.5 trillion annually by 2025, underscoring the urgent need for businesses to adopt robust security measures that ensure regulatory compliance and instil confidence among stakeholders.
COURSE OBJECTIVES:
- Learn concepts specific to information risk management, including terms and definitions
- Recognize typical information security risks faced by organizations
- Recognize typical information security risk management concerns
- Communicate ISO/IEC 27005:2022 introduction, background, purpose, scope, and structure
- Explain how ISO/IEC 27005:2022 integrates and interfaces with other standards such as ISO/IEC 27001:2022
- Determine the value of the information assets under your control
- Learn to identify, analyse, and evaluate information security risks
- Prioritize and choose appropriate risk treatments
KEY TAKEAWAYS:
- Identify key benefits associated with using ISO/IEC 27005:2022 for protecting information assets as part of an effective information security management system (ISMS)
- Understand the best practice risk management processes contained in ISO/IEC 27005:2022
- Understand the rationale behind the processes, their usage and implementation
TARGET AUDIENCE:
- C-Level Executives
- Board Members
- Risk Officers
- Auditors
PROGRAM STRUCTURE & OUTLINE:
Module 1
- Overview of Information Security Assessment
- Impacts of Risk on Business
- Common Risk Frameworks
- Integrating Business Processes in Risk Assessments
- Developing and Prioritizing Risk Scenarios
- Impact of Cloud Computing and IT Risk
- AI and Machine Learning Vulnerabilities
- Current Cybersecurity Threat Landscape
Module 2
- Tools and Techniques for Risk Assessment
- Measuring Impact and Likelihood
- Risk Appetite and Tolerance
- Aligning Risk Priorities with Business Goals
- Implementing Risk Controls
- Continuous Monitoring and Reviews
Module 3
- Integrating Risk Management with Organizational Strategy
- Essentials of Business Continuity and Disaster Recovery
- Building Organizational Resilience
- Building a Risk-Aware Organizational Culture
- Risk Governance Frameworks and Structures
Module 4
- Wrap-Up and Summary
- Q & A
Resource Speaker:
Mr. Kama Neson Ganeson
PMP, PMI-RMP, CGOV, CORS, CCP, CSAP, CLA BCMC & ISMS 2026
Schedule:
July 13, 2026 (Monday) 9:00 AM – 5:00 PM
Training Fee per Participant:
Member Institution – Php3,920.00
Non-Member Institution – Php5,040.00
*VAT inclusive

