Certified Risk Professional (CRiSP), based on Risk management processes in ISO 31000: 2018, ISO 27001:2013 & ISO 22301:2012
DURATION: 5 Days
Welcome to the “Certified Risk Professional (CRiSP) Training Course!:
We aim to provide the best and most authoritative training available on implementing an integrated risk management system, encompassing the risk management processes in ISO 31000:2018 (Risk management guidelines), ISO 27001:2013 (Information security management system requirements) and ISO 22301:2012 (Business continuity management system requirements). We believe that you get the most out of the course by fully joining in the discussions and exercises. Participation brings better understanding and provides a good foundation on which to further develop your expertise. It also makes the course fun. We invite you to join in!
Recording:
Please do not use recording devices since they tend to restrict free discussions.
Day 1
|
Time |
Topic |
|
09.00 17.00 |
Welcome and Introductions |
|
Course Aims, Objectives and Structure |
|
|
Risk Management – Overview & updates to previous version of ISO 31000 |
|
|
Understanding Risks – Key concepts and definition |
|
|
Risk Management Principles |
|
|
Risk Management Framework |
|
|
Risk Management Process |
|
|
Learning Application – Activity 2 to 6 |
|
|
Summary |
Day 2
|
Time |
Topic |
|
09.00 17.00 |
Review of Day 1 |
|
Risk Process in Detail |
|
|
Risk Identification |
|
|
Risk Analysis and Evaluation |
|
|
Risk Treatment and Risk Treatment plans |
|
|
Risk Monitoring and Review |
|
|
Risk Recording and Reporting |
|
|
Learning Application Activity 7 – 12 |
|
|
Summary |
Day 3
|
Time |
Topic |
|
09.00 17.00 |
Review of Day 2 |
|
Tailoring Risk Management Process – ISMS |
|
|
Establishing the Context for Risk Assessment – Internal Issues, External |
|
|
Issues, Expectations of Interested Parties – ISMS Perspective |
|
|
Integrating the criteria for security risk assessment as per ISO 27001:2013 |
|
|
Conducting a Risk Assessment (Identification, Analysis and Evaluation) |
|
|
based on ICT case study of Pacific Telecom |
|
|
Establishing Risk Treatment Plans for ISMS – case study based |
|
|
Establishing Information Security Objectives |
|
|
Summary |
Day 4
|
Time |
Topic |
|
09.00 17.00 |
Review of Day 3 |
|
Tailoring Risk Management Process for BCMS – Risk appetite |
|
|
Risk assessment as per ISO 22301:2012 |
|
|
Establishing Business Continuity Objectives |
|
|
Business Continuity Operations Processes |
|
|
Conducting a BIA – case study based |
|
|
Determine a Business Continuity strategy and procedures |
|
|
Business continuity exercising and testing |
|
|
Specimen Exam paper |
|
|
Summary |
Day 5
|
Time |
Topic |
|
09.00 12.30 |
Review of course |
|
Final questions |
|
|
Exam |
|
|
End of Course |