Risk Assessment and Management

Risk Assessment and Management in compliance with the ISO/IEC 27001 standard


Due to the increasing importance of information security in business relations, especially since Poland joined NATO and the EU, certification of an Information Security Management System against the requirements of the BS-7799-2 standard is increasingly often a formal requirement when signing contracts with business partners.

One of the basic stages in implementing an Information Security Management System in compliance with the ISO/IEC 27001 standard is performing the risk assessment process and then managing the identified risk effectively.

Unfortunately, this is a difficult, time-consuming and costly process. Moreover, the guidance given in the standard is very general and prescribes no specific method for conducting the risk assessment. The standard only requires that the process be formally described and repeatable.

To meet your needs in this area, we invite you to take part in a two-day training course during which we will:

  • Clarify the requirements of the ISO/IEC 27001 standard for risk assessment and management in an organization, in the context of the practical application of these requirements in businesses of various sizes.
  • Pay special attention to practical preparation for independent work in your own business.
  • Conduct FMEA analysis, QFD analysis, statistical analysis, analysis design and analysis methodology selection.
  • Base the training on the analysis of multiple case studies and on independent workshops for participants.
  • Prepare participants to solve problems independently: they will solve example problems during the course and present their results to the other participants.
  • Give participants the chance to take an exam and obtain an ISecMan Security Engineer Certificate for “Risk Assessment and Management in compliance with the ISO/IEC 27001 standard, using the FMEA methodology”.


This training course is especially recommended for:

  • Management
  • Candidates for the positions of information security representative, security administrator and ICT security inspector
  • Candidates for internal auditors handling information security management
  • Members of teams conducting risk analysis and internal audits
  • IT department managers, and managers of other business departments that use IT for information processing
  • Personnel responsible for information security in IT systems