ISO/IEC 27005:2022 – What are the changes?

•Download as PPTX, PDF•

0 likes•1,613 views

ISO/IEC 27005:2022 provides guidance in assisting you and your organization to perform information security risk management activities. Amongst others, the webinar covers: • Changes to the ISO/IEC 27005:2022 standard • Changes to the ISO/IEC 27005:2022 standard • Why a new ISO/IEC 27005-standard? Presenters: Anders Linde Anders Linde, founder of CISO27, holds more than 12 years of information security consulting and training experience. Anders is particularly interested in resolving the challenges arising from the consolidation and adaptation of international best practices in different organizational settings. Anders is a PECB certified trainer and member of SC27, contributing to the international development of the ISO/IEC 27000 series. Tony Chebli Tony is a cybersecurity practice leader and certified instructor. He was appointed as a CISO “information security head” for Group Credit Libanais for the past 13 years. Tony engineered a security program derived from ISO 27001 and PCI-DSS which helped the Bank comply with Central Bank of Lebanon and Banking Control Commission circulars and satisfy the external and internal IT auditors’ requirements. He was featured as a keynote speaker at several conferences and contributed to developing security awareness in the Middle East. Tony was hosted as a speaker for ISC2 Secure Summit in Dubai (November 2017), and the PCI council in Dubai (April 2016), he conducted as well road shows about ISO 27001 in KSA, Dubai, Jordan & Lebanon. Tony received for three consecutive years the “CISO 100 information security executive” award from the Middle East Security Awards (MESA) in Dubai. Date: November 16, 2022 Tags: ISO, ISO/IEC 27005, Information Security Risk Management ------------------------------------------------------------------------------- Find out more about ISO training and certification services Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27005 https://pecb.com/article/data-protection-risk-management https://pecb.com/article/investing-in-information-security-awareness Webinars: https://pecb.com/webinars Article: https://pecb.com/article Whitepaper: https://pecb.com/whitepaper ------------------------------------------------------------------------------- For more information about PECB: Website: https://pecb.com/ LinkedIn: https://www.linkedin.com/company/pecb/ Facebook: https://www.facebook.com/PECBInternational/ Slideshare: http://www.slideshare.net/PECBCERTIFICATION

Technology

Agenda
 Changes to the ISO/IEC 27005:2022
standard
 Reflections and questions

Risk standards
ISO 31000
IEC 31010
ISO/IEC 27005
ISO/IEC 29134
ISO/IEC 27557

The purpose of ISO/IEC 27005
In a context of information security:
• Assessing risk
• Treating risks
• Monitoring risks
• Communication of risks

Continuous improvements
PLAN
• Scope determination and
risk acceptance
• Risk assessment process
DO
• Risk assessments are
carried out according to
the process and risks
CHECK
• Risk owners follow up on
action plans derived from
the risk assessments
ACT
• The effectiveness of
measures has been
verified
New information?
Changed value of information?
New threats?
Information security incidents?
New business processes?
New vulnerabilities?

ISO/IEC 27001: Methodology
Approach:
• Framework enabling comparable and reproducible results
• Criteria for identification, analysis and evaluation
• Risk acceptance criteria consistent with policies, objectives and
stakeholders
• Actions to address risks
• Organizational setup, including designation of risk owner

ISO/IEC 27001: Risk Assessment
Probability Consequence Risk
How likely is an
incident to occur?
What impact does
this have on our
information assets?

Why a new ISO/IEC 27005-standard?
2008
• First
version
2011
• Adapted to
the 2005-
version of
ISO/IEC
27001
2018
• Off with
27001
references
and Annex
G
2022
• Adapted to the
2013 and 2022-
version of
ISO/IEC 27001

ISO/IEC 27001-alignment
”This document provides guidance
on implementation of the
information security risk
requirements specified in ISO/IEC
27001:2022”
ISO/IEC 27005:2022, introduction

Risk management process
RISK TREATMENT
RISK EVALUATION
RISK ANALYSIS
RISK IDENTIFICATION
ESTABLISHING CONTEXT
COMMUNICATION
AND
CONSULTING
MONITORING
AND
REVIEW
RISK ASSESSMENT

Risk assessment
Identification
Find risk scenarios
Analysis
Calculate probability
and consequence
Evaluation
Compare risks with
acceptance criteria
4. Very likely
3. Likely
2. Quite unlikely
1. Very unlikely
Power outage
No diesel for
generator
4. Very big consequence
3. Great consistency
2. Small consequence
1. Very little consequence

Asset- vs. event-based approach
Interplay between an event- and asset-based approach, jf. ISO/IEC 27005:2022

Strategy vs. Operations
Risk scenarios based on an event- or asset-based approach, jf. ISO/IEC 27005:2022, figure A.4

Risk perspective
Top
management
Business units
IT departments
Technical
risks
Risks to the
business
Risks to information
Information security
IT security
Strategic risk management

Risk treatment
D
C
B
A
Accept
Choosing to live with the
risk
Avoid
Not starting or continuing
that activity
Modify
Maintain or change the
risk
Share
Share responsibility with
other parties

Statement of Applicability
Organizational People
Physical Technological

Risk management in an ISMS
4. Context of the
organization
The organization and
its framework
Stakeholders'
expectations and
needs
Determination of the
scope
ISMS
5. Leadership Leadership and
commitment
Policy
Roles, responsibilities
and authorities in the
organization
6. Planning
Actions to manage
risks and
opportunities
Information security
objectives and
planning to achieve it
7. Support Resources Competences Awareness Communication Documentation
8. Operation Operational planning
Assessing information
security risks
Treating information
security risks
9. Evaluation of
performance
Monitoring,
measurement,
analysis and
evaluation
Internal audit Management review
10.
Improvement
Nonconformities n
and corrective actions
Continuous
improvement
ISO/IEC 27005:2022: Leveraging related ISMS processes (clause 10)

Gathering the annexes
ISO/IEC 27005: 2018
• Annex A (informative) Defining the scope and
boundaries of the information security risk
management process
• Annex B (informative) Identification and valuation of
assets and impact assessment
• Annex C (informative) Examples of typical threats
• Annex D (informative) Vulnerabilities and methods for
vulnerability assessment
• Annex E (informative) Information security risk
assessment approaches
• Annex F (informative) Constraints for risk modification
ISO/IEC 27005: 2022
•Annex A (informative) Techniques in support
of the risk assessment process:
•A.1 Information security risk criteria
• A.1.1 Criteria related to risk assessment
• A.1.2 Risk acceptance criteria
•A.2 Practical techniques
• A.2.1 Information security risk components
• A.2.2 Assets
• A.2.3 Risk sources and desired end state
• A.2.4 Event-based approach
• A.2.5 Asset-based approach
• A.2.6 Examples of scenarios applicable in both
approaches
• A.2.7 Monitoring risk-related events

Risk techniques
Qualitatively
Quantitatively
ISO/IEC 27005:2022, table A.4
ISO/IEC 27005:2022, table A.2

Terms included
An effect is a deviation from the
expected, positive or negative
ISO/IEC 27005, 3.1.1, note 1
Information security risks are always
associated with a negative effect of
uncertainty on information security
objectives
ISO/IEC 27005, 3.1.1, note 6

Triggers
Identifies all
necessary
information to
perform the activity
Describes the
activity
Provides guidance
on when to start the
activity, for example
due to a change in
the organization or
according to a plan.
Identifies all
information
resulting from the
performance of the
activity, as well as
any criteria that such
output must meet
Provides guidance
in carrying out the
activity, keywords
and key concept

Summary
More practical in relation to the ISO/IEC 27001
requirements
Important distinction between an asset- and event-based
approach
More specific guidance on risk management techniques via
examples and the annex

THANK YOU
Q&A
anders@ciso27.dk Anders Linde
Tony Chebli
tchebli@gmail.com

What's hot

Iso 27001 2013 Standard Requirements

Uppala Anand

What is ISO 27001 ISMS

Business Beam

ISO 27001

jcfarit

ISO 27001_2022 Standard_Presentation.pdf

SerkanRafetHalil1

ISO 27001 2002 Update Webinar.pdf

ControlCase

ISO 27001:2013 is the international standard that provides a framework for Information Security Management Systems (ISMS) to provide continued confidentiality, integrity and availability of information as well as legal compliance. ISO 27001 certification is essential for protecting your most vital assets like employee and client information, brand image and other private information. The ISO standard includes a process-based approach to initiating, implementing, operating and maintaining your ISMS. This implementation guide will help you run through the benefits, PDCA Cycle and Annex SL structure in detail for implementing ISO 27001. Find out more or get a quote for certification here – https://www.nqa.com/en-gb/certification/standards/iso-27001

NQA ISO 27001 Implementation Guide

NQA

27001 awareness Training

Dr Madhu Aman Sharma

ISO 27001

n|u - The Open Security Community

Basic introduction to iso27001

Imran Ahmed

NIST Cybersecurity Framework Intro for ISACA Richmond Chapter

Tuan Phan

The right approach to data governance plays a crucial role in the success of AI and analytics initiatives within an organization. This is especially true for small to medium-sized companies that must harness the power of data to drive growth, innovation and competitiveness. This guide aims to provide SMB organizations with a practical roadmap to successfully implement a data governance strategy that ensures data quality, security and compliance. Use it to unlock the full potential of your data assets.

Practical Guide to Data Governance Success

Ample Insight Inc

ISO 22301 Business Continuity Management

Ramiro Cid

ISO 27001 How to use the ISMS Implementation Toolkit.pdf

Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001

Enterprise Security Architecture

Priyanka Aash

Iso 27001 isms presentation

Midhun Nirmal

In this session, we will go through ISO/IEC 27701 and ISO/IEC 27001 key practical implementation steps and how they can help you to be compliant with the GDPR. Our presenters, Peter Geelen and Stefan Mathuvis, will guide you through the implementer tasks with practical hints and tips and show you how an auditor will look at your implementation, searching for evidence and compliance. In addition, we will match the ISO/IEC 27(7)01 requirements to complete the GDPR obligations as far as possible. Starting from executive management to privacy policies, handling notifications, setting up awareness programs, controlling user access requests, over vendor management to incident management (data breaches) and continuous updates. The webinar will cover: • Quick recap on general ISO components and approach • Implementing ISO/IEC 27001 with the ISO/IEC 27701 extension for GDPR compliance • Do's and don’ts for implementation and audit • The importance of evidence in the audit • Managing audit expectations and the never ending audit cycle Recorded webinar: https://youtu.be/HL-VUiCj4Ew

Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation

PECB

NIST CyberSecurity Framework: An Overview

Tandhy Simanjuntak

A Data Governance roadmap is typically based on the results of a best practice assessment. The assessment defines the outcomes required to achieve Data Governance best practices while the roadmap details the “actionable streams” required to formalize a Data Governance program and achieve those outcomes. In this month’s webinar, Bob Seiner will share the process he follows to build a Data Governance roadmap of actionable streams and the steps required to complete the streams. In addition, Bob will describe the activities that are common to most organizations getting started or evaluating the success of their program. Topics to be discussed in this webinar include: • Criteria for defining best practices • Using the assessment results to build the roadmap • Examples of repeated actionable streams • The role of the program administrator in executing the roadmap • Communicating the roadmap to the stakeholders

RWDG Slides: Building a Data Governance Roadmap

DATAVERSITY

Iso27001- Nashwan Mustafa

Fahmi Albaheth

GDPR and ISO 27001 - how to be compliant

Ilesh Dattani

What's hot (20)

Iso 27001 2013 Standard Requirements

What is ISO 27001 ISMS

ISO 27001

ISO 27001_2022 Standard_Presentation.pdf

ISO 27001 2002 Update Webinar.pdf

NQA ISO 27001 Implementation Guide

27001 awareness Training

ISO 27001

Basic introduction to iso27001

NIST Cybersecurity Framework Intro for ISACA Richmond Chapter

Practical Guide to Data Governance Success

ISO 22301 Business Continuity Management

ISO 27001 How to use the ISMS Implementation Toolkit.pdf

Enterprise Security Architecture

Iso 27001 isms presentation

Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation

NIST CyberSecurity Framework: An Overview

RWDG Slides: Building a Data Governance Roadmap

Iso27001- Nashwan Mustafa

GDPR and ISO 27001 - how to be compliant

Similar to ISO/IEC 27005:2022 – What are the changes?

How Does the New ISO 27001 Impact Your IT Risk Management Processes?

Lars Neupart

Neupart Bright Talk - How Does the New ISO 27001 Impact Your IT Risk Manageme...

KMD

541728869-Introduction-to-ISO-27001.pdf

SharudinBoriak1

New data protection regulations have significantly impacted the way that businesses collect, store, and handle clients’ personal information. Considering the continuously increasing importance of data protection and privacy in today’s world, businesses should be up to speed with their data privacy policies and procedures. The webinar covers: 1. ISO/IEC 27001 – Information Security Framework Key requirements under CCPA, CPRA, GDPR • ISO/IEC 27005 – Information Security Risk Management • ISO/IEC 27035 – Information Security Incident Management • ISO/IEC 22301 & 27031 - Business Continuity Management (BCM) 2. Alternative Frameworks • CMMC - Cybersecurity Maturity Model Certification • NIST CSF Cybersecurity Framework • ISO/IEC 27032 – Guidelines for Cybersecurity 3. Supplier Management Date: April 21, 2021 Recorded Webinar: https://youtu.be/bi3tvvhGV1s

CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know

PECB

This webinar illustrates: - An overview of the GDPR - How an ISO 27001-aligned ISMS can support GDPR compliance - The top risks that result in data breaches - The benefits of implementing an ISMS - The technical and organisational requirements to achieve GDPR compliance - How to improve your overall information security in line with the GDPR’s requirements A recording of the webinar can be found here: https://www.youtube.com/watch?v=s7XQwBQ6JMg

GDPR compliance and information security: Reducing data breach risks

IT Governance Ltd

Developing A Risk Based Information Security Program

Tammy Clark

[To download this complete presentation, visit: https://www.oeconsulting.com.sg/training-presentations] ISO/IEC 27001:2022 is the latest internationally-recognised standard for Information Security Management Systems (ISMS). An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It provides a robust framework to protect information that can be adapted to all types and sizes of organization. Organizations that have significant exposure to information-security related risks are increasingly choosing to implement an ISMS that complies with ISO/IEC 27001. This ISMS awareness PPT presentation material is designed for organizations who are embarking on ISO/IEC 27001:2022 implementation and need to create awareness of information security among its employees. LEARNING OBJECTIVES 1. Acquire knowledge on the fundamentals of information security 2. Describe the ISO/IEC 27001:2022 structure 3. Understand the ISO/ IEC 27001:2022 implementation and certification process 4. Gather useful tips on handling an audit session

ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training

Operational Excellence Consulting

ISMS Requirements

humanus2

Cybersecurity is an ongoing journey. The regular update and improvement of security measures is essential to stay ahead of evolving threats. Amongst others, the webinar covers: • Benefits of Compliance • Digital Transformation: Why • ISO/IEC 27001 and ISO/IEC 27032 • ISO/IEC 27001: Information Security Management System (ISMS) • ISO/IEC 27032: Cybersecurity Framework Presenters: Douglas Brush Douglas Brush is a federally court-appointed Special Master, and Court Appointed Neutral expert in high-profile litigation matters involving privacy, security, and eDiscovery. He is an information security executive with over 30 years of entrepreneurship and professional technology experience. He is a globally recognized expert in cybersecurity, incident response, digital forensics, and information governance. In addition to serving as a CISO and leading enterprise security assessments, he has conducted hundreds of investigations involving hacking, data breaches, trade secret theft, employee malfeasance, and various other legal and compliance issues. He is the founder and host of Cyber Security Interviews, a popular information security podcast. Douglas is also committed to raising awareness about mental health, self-care, neurodiversity, diversity, equity, and inclusion, in the information security industry. Malcolm Xavier Malcolm Xavier has been working in the Digital Industry for over 18 Years now. He has worked with Global Clients in South Africa, United States and United Kingdom. He has achieved Many Professional Certifications Like CISSP, Google Cloud Practitioner, TOGAF, Azure Cloud, ITIL v3 etc. His core competencies include IT strategy, cybersecurity, IT infrastructure management, data center migration and consolidation, data protection and compliance, risk management and governance, and IS program development and management. Carole Njoya Founder in 2018 of Alcees, a Paris-based management consulting fabric specialized in cybersecurity, data privacy governance and digital trust, Carole Njoya provides independent, tailored and expert advisory to companies doing business in European markets and serving both B2B and B2C customers. With more than 100 cybersecurity projects delivered, she assists entities in preparing, implementing and maintaining the right best practices under the ISO 27001 compliance framework and GDPR article 25 obligation (Privacy by design) for their vendors. Carole Njoya featured in the « Women Know Cybersecurity » 2019 Twitter list edited by Cybercrime Magazine. Carole Njoya is committed in science and engineering since pre-teen period. Date: September 27, 2023 ------------------------------------------------------------------------------- Find out more about ISO training and certification services Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001 https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27032 YouTube video: https://youtu.be/U7tyzUrh8aI

ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation

PECB

In today's digital age, cybersecurity is more critical than ever. Hence, it is crucial to stay informed and prepared. Amongst others, the webinar covers: • ISO/IEC 27032:2023 and ISO/IEC 27701 and their key components • The standard’s alignment • Emerging Cybersecurity Threats • What is new to the ISO/IEC 27032:2023 Presenters: Madhu Maganti Madhu is a goal-oriented cybersecurity/IT advisory leader with more than 20 years of comprehensive experience leading high-performance teams with a proven track record of continuous improvement toward objectives. He is highly knowledgeable in both technical and business principles and processes. Madhu specializes in cybersecurity risk assessments, enterprise risk management, regulatory compliance, Sarbanes-Oxley (SOX) compliance and system and organization controls (SOC) reporting. Jeffrey Crump Mr. Jeffrey Crump is the Principal Consultant at Arizona-based Cyber Security Training and Consulting LLC and a graduate of the Certified NIS 2 Directive Lead Implementer course. He is a Certified CMMC Assessor, Certified CMMC Professional, and Instructor. Mr. Crump is also the author of Cyber Crisis Management Planning: How to reduce cyber risk and increase organizational resilience. His book has been expanded into a triad of certification courses on cyber crisis planning, exercises, and leadership. Date: October 25, 2023 ------------------------------------------------------------------------------- Find out more about ISO training and certification services Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001 https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27032 Webinars: https://pecb.com/webinars Article: https://pecb.com/article Whitepaper: https://pecb.com/whitepaper ------------------------------------------------------------------------------- For more information about PECB: Website: https://pecb.com/ LinkedIn: https://www.linkedin.com/company/pecb/ Facebook: https://www.facebook.com/PECBInternational/ Slideshare: http://www.slideshare.net/PECBCERTIFICATION YouTube video: https://youtu.be/a21uasr8aLs

Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...

PECB

Cyber resolution ban-ana comparing to ana-nas.pdf

toncik

Risk mgmt key to security certifications v2

Jorge Sebastiao

Due to the dramatic increase of threats worldwide, there is a need for the companies to find ways how to increase the information security. Therefore, one solution is to implement the ISO/IEC 27001 in order to protect information both internally and externally. Main points that will be covered are: • The scope of ISO 27001 & associated other standards references • Information Security and ISIM Terminologies • ISIM auditing principles • Managing audit program & audit activities Presenter: Eng. Kefah El-Ghobbas is a specialist in ‘Business Process Excellence' through ‘Business Process Re-engineering' with over 20 years of experience. Link of the recorded session published on YouTube: https://youtu.be/rTxA8PVULUs

Best Practices in Auditing ISO/IEC 27001

PECB

How to Conduct an ISO 27001 Risk Assessment That Works

VISTA InfoSec

english_bok_ismp_202306.pptx

ssuser00d6eb

Iso27001 Isaca Seminar (23 May 08)

samsontamwaiho

Iso27001 Isaca Seminar (23 May 08)

samsontamwaiho

To protect your organization from cyber attacks, you need to implement a robust information security management system (ISMS) and business continuity management system (BCMS) based on international standards, such as ISO/IEC 27001 and ISO 22301. Amongst others, the webinar covers: • Why we need a cyber response plan to protect business operations • Introduction to ISO/IEC 27001 and ISO 22301 • What do we need for a cyber security response plan? • How do we develop a cyber security response plan? Presenters: Nick Frost Nick Frost is Co-founder and Lead Consultant at CRMG. Nick’s career in cyber security spanning nearly 20 years. Most recently Nick has held leadership roles at PwC as Group Head of Information Risk and at the Information Security Forum (ISF) as Principal Consultant. In particular Nick was Group Head of Information Risk for PwC designing and implementing best practice solutions that made good business sense, that prioritise key risks to the organisation and helped minimise disruption to ongoing operations. Whilst at the ISF Nick led their information risk projects and delivered many of the consultancy engagements to help organisations implement leading thinking in information risk management. Nicks combined experience as a cyber risk researcher and practitioner designing and implementing risk based solutions places him as a leading cyber risk expert. Prior to cyber security and after graduating from UCNW and Oxford Brookes Nick was a geophysicst in the Oil and Gas Industry. Simon Lacey Simon is a resourceful, creative Information & Cyber Security professional with a proven track record of instigating change, disrupting the status quo, influencing stakeholders and developing ‘big picture’ vision across business populations. Multiple industry experience; excels in building stakeholder engagement & consensus; and suporting organisations to make sustainable change. Simon also has considerable experience of risk management, education and awareness, strategy development and consulting to senior management and is a confident and engaging public speaker. Simon has previously worked within the NHS, Bank of England and BUPA, before setting out as an independent consultan forming Oliver Lacey Limited, supporting clients in multiple business sectors. When not working, Simon loves to run – currently training for the Berlin Marathon, a Director of Aylesbury United Football Club, records vlogs and is an experienced standup comic. Date: April 26, 2023 Find out more about ISO training and certification services Training: https://bit.ly/3AyoyYF https://bit.ly/3LbBVTx Webinars: https://pecb.com/webinars Article: https://pecb.com/article Whitepaper: https://pecb.com/whitepaper For more information about PECB: Website: https://pecb.com/ LinkedIn: https://www.linkedin.com/company/pecb/ Facebook: https://www.facebook.com/PECBInternational/ YouTube video: https://youtu.be/i4qx5mjEqio

ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...

PECB

Iso iec 27001 foundation training course by interprom

Mart Rovers

Overview of ISO 27001 ISMS

Akhil Garg

Similar to ISO/IEC 27005:2022 – What are the changes? (20)

How Does the New ISO 27001 Impact Your IT Risk Management Processes?

Neupart Bright Talk - How Does the New ISO 27001 Impact Your IT Risk Manageme...

541728869-Introduction-to-ISO-27001.pdf

CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know

GDPR compliance and information security: Reducing data breach risks

Developing A Risk Based Information Security Program

ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training

ISMS Requirements

ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation

Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...

Cyber resolution ban-ana comparing to ana-nas.pdf

Risk mgmt key to security certifications v2

Best Practices in Auditing ISO/IEC 27001

How to Conduct an ISO 27001 Risk Assessment That Works

english_bok_ismp_202306.pptx

Iso27001 Isaca Seminar (23 May 08)

ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...

Iso iec 27001 foundation training course by interprom

Overview of ISO 27001 ISMS

Beyond the EU: DORA and NIS 2 Directive's Global Impact

PECB

In an era where digital transformation is inevitable, the landscape of cybersecurity is constantly evolving. Amongst others, the webinar covers: • DORA and its Implications • ISO/IEC 27005: Risk Management in Information Security • Leveraging Artificial Intelligence for Enhanced Cybersecurity Presenters: Geoffrey L. Taylor - Director of Cybersecurity Geoffrey Taylor brings a wealth of experience from multiple roles within various industries throughout his career. As a Certified ISO 27001 Implementer and Auditor, as well as certified ISO 27005, CISM and CRISC, he brings a unique perspective on cybersecurity strategy, risk management and the implementation of an Information Security Management System, having helped multiple organizations in aligning their strategy based on their threat landscape. Martin Tully - Senior Cyber Governance Consultant Martin is a Senior Consultant at CRMG with over twenty years of experience, and has previously been employed at two of the ‘Big Four’ professional services firms. Martin has worked across most industry sectors in the development of the best practice guidance and risk analysis methodologies. Martin is also accomplished at: leading the implementation of an ISMS; delivering a number of information risk assessments; reviewing information security policies; assessing security requirements across the supply chain; and updating a complete framework of supporting standards. Prior to the ISF, Martin’s roles have included delivering operational risk reporting, running research projects and benchmarking information security investments for major clients. Martin holds a Bachelors degree from Royal Holloway University of London. Date: March 27, 2024 Tags: ISO, ISO/IEC 27005, ISO/IEC 42001, Artificial Intelligence, Information Security, Digital Operational Resilience Act (DORA) ------------------------------------------------------------------------------- Find out more about ISO training and certification services Training: ISO/IEC 27005 Information Security Risk Management - EN | PECB ISO/IEC 42001 Artificial Intelligence Management System - EN | PECB Webinars: https://pecb.com/webinars Article: https://pecb.com/article Whitepaper: https://pecb.com/whitepaper ------------------------------------------------------------------------------- For more information about PECB: Website: https://pecb.com/ LinkedIn: https://www.linkedin.com/company/pecb/ Facebook: https://www.facebook.com/PECBInternational/ Slideshare: http://www.slideshare.net/PECBCERTIFICATION YouTube video: https://youtu.be/ffX-Xbw7XUk

DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity

PECB

In today’s rapidly evolving world, where Artificial Intelligence (AI) not only drives innovation but also presents unique challenges and opportunities, staying ahead means being informed. Amongst others, the webinar covers: • ISO/IEC 27001 and ISO/IEC 42001 and their key components • Latest trends in AI Governance • Ethical AI practices • Benefits of Certification Presenters: Jeffrey Bankard - Cybersecurity & AI Leader, AI Management Systems: ISO/IEC 42001 Jeffrey provides executive leadership for AI product creation through the product incubation unit (PIU). Ensures the timely delivery of AI consulting engagements through cross-functional teams comprised of senior information and network security leaders to establish strategic goals for improving the security architecture and risk posture for clients. Consults with business leaders to define key performance indicators and service levels. Fosters employee development through mentoring and coaching. Decides how to achieve results within the organization’s strategic plans, policies, and guidelines. Develops new products and secures those products through current AI security guidelines (ISO 42001). Adrian Resag - Experienced in Risk and Control - ISO/IEC 27001 and ISO/IEC 42001 Adrian believes a stimulating career can span many disciplines and that leading organizations value versatile professionals. He has enjoyed managing teams spanning the globe by working in world-leading organizations as Chief Audit Executive, Head of Risk Management, Information Systems Auditor, Head of Internal Control, as a consultant, a statutory auditor and an accountant. To allow such a diverse career, his approach has been to pursue certifications in many fields (making him one of the most qualified and certified in some of them). He has written books and created professional certifications in audit & assurance and compliance & ethics, and teaches in subjects from information security to risk management. With a passion for education, Adrian founded an educational institution and has taught tens of thousands of students and professionals online, in companies, universities and in governmental organizations. Date: February 28, 2024 ------------------------------------------------------------------------------- Find out more about ISO training and certification services Training: ISO/IEC 27001 Information Security Management System - EN | PECB ISO/IEC 42001 Artificial Intelligence Management System - EN | PECB Webinars: https://pecb.com/webinars Article: https://pecb.com/article Whitepaper: https://pecb.com/whitepaper ------------------------------------------------------------------------------- For more information about PECB: Website: https://pecb.com/ LinkedIn: https://www.linkedin.com/company/pecb/ Facebook: https://www.facebook.com/PECBInternational/ YouTube video: https://youtu.be/DujXaxBhhRk

Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance

PECB

The importance of a robust cybersecurity strategy cannot be overstated. Learning on the effective measures to be taken and tools needed to navigate the evolving cybersecurity landscape successfully is essential. Amongst others, the webinar covers: • ISO/IEC 27002 and ISO/IEC 27032 and their key components • Key Components of a Resilient Cybersecurity Strategy • CMMC Frameworks Presenters: Dr. Oz Erdem Governance, Risk and Compliance (GRC) consultant, trainer, auditor, and speaker Dr. Erdem has over 25 years of experience in information security, trade compliance, data privacy, and risk management. He took leadership roles in governance and compliance at various Fortune 100-500 companies and SMBs, including Siemens Corporation, Siemens Industry, Linqs, Texas Instruments, Rtrust, ICEsoft Technologies, NATO C3A, and BILGEM. In addition, successfully managed software development (i.e., embedded, cloud, and SaaS) and digital product projects involving information security, mobile networks, and IoT networks. Further, Dr. Erdem led several non-profit organizations, such as National Association of District Export Councils (NADEC), Government Contractors Council (GovConCouncil), and Central-North Florida District Export Council as the Chairman of the Board. Peter Geelen Peter Geelen is the director and managing consultant at CyberMinute and Owner of Quest for Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture, Identity & Access management, but also privacy, information & data protection, cyber- and cloud security. Last few years, the focus is on ISO/IEC 27001 and other ISO certification mechanisms. Peter is accredited Lead Auditor for ISO/IEC 27001, ISO 9001, PECB Trainer and Fellow in Privacy. Committed to continuous learning, Peter holds renowned security certificates as certified ISO/IEC 27701 lead implementer and lead auditor, ISO/IEC 27001 Master, Sr. Lead Cybersecurity Manager, ISO/IEC 27002 lead manager, ISO/IEC 27701 Lead Implementer, cDPO, Risk management, Lead Incident Mgr., Disaster Recovery, and many more. George Usi - CEO of Omnistruct An internet pioneer and award-winning leader in internet governance with over 25 years of experience, George Usi knows that getting hacked is not a matter of ‘if’ but, ‘when’ and the fiscal and reputational effects that has on a business, the executives, and the board. George is the Co-Founder of Omnistruct, a cyber risk company. Omnistruct protects and expands revenue creation, reputation, and customer retention through cyber risk transference, governance, and compliance. We ensure that security and privacy programs work. Date: January 24, 2024 YouTube Video: https://youtu.be/9i5p5WFExT4 Website: https://bit.ly/3SjovIP

ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...

PECB

As we approach the new year, the importance of a robust cybersecurity strategy cannot be overstated. Learning on the effective measures to be taken and tools needed to navigate the evolving cybersecurity landscape successfully is essential. Amongst others, the webinar covers: • ISO/IEC 27001 and ISO/IEC 27035 and their key components • Key Components of a Resilient Cybersecurity Strategy • Best practices for building a resilient cybersecurity strategy in 2024 Presenters: Rinske Geerlings Rinske is an internationally known consultant, speaker and certified Business Continuity, Information Security & Risk Management trainer. She was awarded Alumnus of the Year 2012 of Delft University, Australian Business Woman of the Year 2010-13 by BPW, Risk Consultant of the Year 2017 (RMIA/Australasia) and Outstanding Security Consultant 2019 Finalist (OSPAs) Rinske has consulted to the Department of Prime Minister & Cabinet, 15 Central Banks, APEC, BBC, Shell, Fuji Xerox, NIB Health Funds, ASIC, Departments of Defense, Immigration, Health, Industry, Education, Foreign Affairs and 100s of other public and private organizations across 5 continents. She has been changing the way organizations ‘plan for the unexpected’. Her facilitation skills enable organizations to achieve their own results and simplify their processes. She applies a fresh, energetic, fun, practical, easy-to-apply, innovative approach to BCM, Security, and Risk. Her 'alter ego' includes being a lead singer in SophieG Music and contributing to the global charity playing for Change, which provides music education to children in disadvantaged regions. Loris Mansiamina A Senior GRC Professional consultant for Small, Medium and large companies. Over 10 years, Loris has been assisting clients in both public and private sectors about various matters relating to Gouvernance, Risk Management and Compliance (GRC), Digital transformation, cyber security program management, ISO 27k & ISO 20k implementation, COBIT & ITIL implementation, etc. Date: December 19, 2023 Tags: ISO, ISO/IEC 27001, ISO/IEC 27035, Cybersecurity, Information Security ------------------------------------------------------------------------------- Find out more about ISO training and certification services Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001 ISO/IEC 27035 Information Security Incident Management - EN | PECB Webinars: https://pecb.com/webinars Article: https://pecb.com/article Whitepaper: https://pecb.com/whitepaper ------------------------------------------------------------------------------- For more information about PECB: Website: https://pecb.com/ LinkedIn: https://www.linkedin.com/company/pecb/ Facebook: https://www.facebook.com/PECBInternational/ Slideshare: http://www.slideshare.net/PECBCERTIFICATION YouTube video: https://youtu.be/yT8gxRZD_4c

ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...

PECB

In today's rapidly evolving digital landscape, the integration of artificial intelligence (AI) in business processes is becoming increasingly essential. Hence, it is crucial to stay informed and prepared. Amongst others, the webinar covers: • ISO/IEC 27005 and ISO/IEC 27001 and their key components • The standard’s alignment • Identifying AI risks and vulnerabilities • Implementing effective risk management strategies Presenters: Sabrina Feddal With more than 16 years of background in operational security, telco as engineer and project manager for major international companies. I have founded Probe I.T in 2016 to provide my customers (both national and international) with GRC services. Winner of the 2020 award, the CEFCYS – Main French Women in cybersecurity association - jury's favorite, she remains committed on a daily basis to maintaining diversity and gender diversity in her teams. Passionate about Law, History & Cybersecurity. She has several professional certifications acquired over the course of her career: Prince2, CISSP, Lead Implementer ISO27001, Risk Manager, University degree in Cybercrime and Digital Investigation. Her values: excellence, discretion, professionalism. Mike Boutwell Mike Boutwell is a Senior Information Security Specialist with over 15 years of experience in security and 10 years of risk management experience, primarily focused on financial services. He excels in collaborating with CISOs and other executive leadership to build and implement security frameworks aligned with business objectives and developing enterprise-wide security requirements. Mike has a strong track record of securing assets worth over $1 quadrillion and delivering $100M+ projects. Mike is a certified CISSP, CISA, CGEIT, ISO 27001 Senior Lead Implementer, ISO 27001 Senior Lead Auditor, ISO 38500 Senior Lead IT Governance Manager, ISO 27032 Senior Lead Cyber Security Manager, and Certified Non-Executive Director. Date: November 22, 2023 Tags: ISO, ISO/IEC 27001, ISO/IEC 27005, Cybersecurity, Information Security ------------------------------------------------------------------------------- Find out more about ISO training and certification services Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001 ISO/IEC 27005 Information Security Risk Management - EN | PECB Webinars: https://pecb.com/webinars Article: https://pecb.com/article Whitepaper: https://pecb.com/whitepaper ------------------------------------------------------------------------------- For more information about PECB: Website: https://pecb.com/ LinkedIn: https://www.linkedin.com/company/pecb/ Facebook: https://www.facebook.com/PECBInternational/ Slideshare: http://www.slideshare.net/PECBCERTIFICATION YouTube video: https://youtu.be/TtnY1vzHzns

ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively

PECB

The management of AI systems is a shared responsibility. By implementing the ISO 31000 Framework and complying with emerging regulations like the EU ACT, we can jointly create a more reliable, secure, and trustworthy AI ecosystem. Amongst others, the webinar covers: • Understanding AI and the regulatory landscape • AI and the threat landscape • A risk driven approach to AI assurance - based on ISO 31000 principles • Stress testing to evaluate risk exposure Presenters: Chris Jefferson Chris is the Co-Founder and CTO at Advai. As the Co-Founder of Advai, Chris is working on the application of defensive techniques to help protect AI and Machine Learning applications from being exploited. This involves work in DevOps and MLOps to create robust and consistent products that support multiple platforms, such as cloud, local, and edge. Nick Frost Nick Frost is Co-founder and Lead Consultant at CRMG. Nick’s career in cyber security spanning nearly 20 years. Most recently Nick has held leadership roles at PwC as Group Head of Information Risk and at the Information Security Forum (ISF) as Principal Consultant. In particular Nick was Group Head of Information Risk for PwC designing and implementing best practice solutions that made good business sense that prioritized key risks to the organisation and helped minimize disruption to ongoing operations. Whilst at the ISF Nick led their information risk projects and delivered many of the consultancy engagements to help organisations implement leading thinking in information risk management. Nicks combined experience as a cyber risk researcher and practitioner designing and implementing risk based solutions places him as a leading cyber risk expert. Prior to cyber security and after graduating from UCNW and Oxford Brookes Nick was a geophysicist in the Oil and Gas Industry. Date: August 24, 2023 ------------------------------------------------------------------------------- Find out more about ISO training and certification services Training: https://pecb.com/en/education-and-certification-for-individuals/iso-31000 Webinars: https://pecb.com/webinars Article: https://pecb.com/article Whitepaper: https://pecb.com/whitepaper ------------------------------------------------------------------------------- For more information about PECB: Website: https://pecb.com/ LinkedIn: https://www.linkedin.com/company/pecb/ Facebook: https://www.facebook.com/PECBInternational/ Slideshare: http://www.slideshare.net/PECBCERTIFICATION YouTube video: https://youtu.be/MXnHC6AvjXc

Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations

PECB

Generative AI offers great opportunities for innovation in various industries. Hence, by adopting ISO/IEC 27032, you can enhance your cybersecurity resilience and efficiently address the risks associated with generative AI. Amongst others, the webinar covers: • AI & Privacy • Generative AI, Models & Cybersecurity • AI & ISO/IEC 27032 Presenters: Christian Grafenauer Anonymization expert, privacy engineer, data protection officer, LegalTech researcher (GDPR, Blockchain, AI) Christian Grafenauer is an accomplished privacy engineer, anonymization expert, and computer science specialist, currently serving as the project lead for anonymity assessments at techgdpr. With an extensive background as a senior architect in Blockchain for IBM and years of research in the field since 2013, Christian co-founded privacy by Blockchain design to explore the potential of Blockchain technology in revolutionizing privacy and internet infrastructure. As a dedicated advocate for integrating legal and computer science disciplines, Christian’s expertise in anonymization and GDPR compliance enables innovative AI applications, ensuring a seamless fusion of technology and governance, particularly in the realm of smart contracts. In his role at techgdpr, he supports technical compliance, Blockchain, and AI initiatives, along with anonymity assessments. Christian also represents consumer interests as a member of the national Blockchain and DTL standardization committee at din (German standardization institute) in ISO/TC 307. Akin Johnson Akin J. Johnson is a renowned Cybersecurity Expert, known for his expertise in protecting digital systems from potential threats. With over a decade of experience in the field, Akin has developed a deep understanding of the ever-evolving cyber landscape. Akin is an advocate for cybersecurity awareness and frequently shares his knowledge through speaking engagements, workshops, and publications. He firmly believes in the importance of educating individuals and organizations on the best practices for safeguarding their digital assets. Lucas Falivene Lucas is a highly experienced cybersecurity professional with a solid base in business, information systems, information security, and cybersecurity policy-making. A former Fulbright scholar with a Master of Science degree in Information Security Policy and Management at Carnegie Mellon University (Highest distinction) and a Master's degree in Information Security at the University of Buenos Aires (Class rank 1st). Lucas has participated in several trainings conducted by the FBI, INTERPOL, OAS, and SEI/CERT as well as in the development of 4 cyber ISO national standards. Date: July 26, 2023 YouTube Link: https://youtu.be/QPDcROniUcc

Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?

PECB

By embracing the importance of GDPR and leveraging ISO/IEC 27701, you can enhance your data protection practices, achieve compliance, and minimize the risk of penalties. Amongst others, the webinar covers:  Importance of Data Protection  Understanding Data Collection and Challenges  Introduction to GDPR  Key Principles of GDPR  Who does GDPR Apply to and Its Global Implications  Introduction to ISO/IEC 27701  Implementing ISO/IEC 27701  Privacy by Design  Dealing with IT on a Daily Basis  Building Awareness and Training  Audit, Data Discovery, and Risk Assessments Presenters: Mike Boutwell Mike Boutwell is a Senior Information Security Specialist with over 15 years of experience in security and 10 years of risk management experience, primarily focused on financial services. He excels in collaborating with CISOs and other executive leadership to build and implement security frameworks aligned with business objectives and developing enterprise-wide security requirements. Mike has a strong track record of securing assets worth over $1 quadrillion and delivering $100M+ projects. Mike is a certified CISSP, CISA, CGEIT, ISO 27001 Senior Lead Implementer, ISO 27001 Senior Lead Auditor, ISO 38500 Senior Lead IT Governance Manager, ISO 27032 Senior Lead Cyber Security Manager, and Certified Non-Executive Director. Lisa Goldsmith Lisa Goldsmith is the founder of LJ Digital and Data Consultancy. Lisa has over 23 years’ experience of supporting leadership teams in membership, charity, and wider not-for-profit organisations to simplify their IT and digital strategy that allows them to sleep soundly at night, knowing their systems and processes are fit for purpose, GDPR compliant, secure and that they deliver value to staff, members, and stakeholders. Prior to starting her own consultancy, Lisa gained extensive experience working for membership organisations and has knowledge and expertise at all levels of operations from working within careers and qualifications teams, as Membership Manager, as Head of Digital & IT for delivering large-scale digital, IT and GDPR compliance projects and serving on several Senior Leadership Teams. Lisa is also currently a Trustee of the BCLA and Groundwork East. Date: June 27, 2023 ------------------------------------------------------------------------------- Find out more about ISO training and certification services Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701 Webinars: https://pecb.com/webinars Article: https://pecb.com/article Whitepaper: https://pecb.com/whitepaper For more information about PECB: Website: https://pecb.com/ LinkedIn: https://www.linkedin.com/company/pecb/ Facebook: https://www.facebook.com/PECBInternational/ Slideshare: http://www.slideshare.net/PECBCERTIFICATION YouTube video: https://youtu.be/lfJrSLaGDtc Website: https://bit.ly/437GOnG

GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...

PECB

The EU has implemented a range of regulations aimed at strengthening its cybersecurity posture. In this context, the ISO/IEC 27001 standard offers a comprehensive framework for managing and safeguarding sensitive information, such as personal data. Amongst others, the webinar covers: • Quick recap on the ISO/IEC 27001:2013 & 2022 • ISO/IEC 27001 vs legislation • The EU Cyber Legislation landscape • Some considerations and consequences • How to stay on top of the ever changing context Presenters: Peter Geelen Peter Geelen is the director and managing consultant at CyberMinute and Owner of Quest for Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture, Identity & Access management, but also privacy, information & data protection, cyber- and cloud security. Last few years, the focus is on ISO/IEC 27001 and other ISO certification mechanisms. Peter is accredited Lead Auditor for ISO/IEC 27001, ISO 9001, PECB Trainer and Fellow in Privacy. Committed to continuous learning, Peter holds renowned security certificates as certified ISO/IEC 27701 lead implementer and lead auditor, ISO/IEC 27001 Master, Sr. Lead Cybersecurity Manager, ISO/IEC 27002 lead manager, ISO/IEC 27701 Lead Implementer, cDPO, Risk management, Lead Incident Mgr., Disaster Recovery, and many more. Jean-Luc Peters Jean-Luc Peters brings 25 years of IT technology, information and cybersecurity expertise to boards, executives, and employees. Since the younger age he has held management positions in the private and government sector. He is currently the Head of the Cyber Emergency Response team for the National Cybersecurity Authority in Belgium. In addition to this, he is also a trainer, coach and trusted advisor focusing on enhancing cyber resilience. Jean-Luc has helped in the technical implementation of the NIS 1 (Network and Information Security) Directive transposition in Belgium, defining the Baseline Security Guidelines governmental ISMS framework and many other projects. He holds several certifications, including ISO/IEC 27001 Lead Implementer, ISO/IEC 27005 Auditor, CISSP, GISP, Prince 2 Practitioner, ITIL etc. Date: May 31, 2023 Tags: ISO, ISO/IEC 27001, Information Security, Cybersecurity ------------------------------------------------------------------------------- Find out more about ISO training and certification services Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001 Webinars: https://pecb.com/webinars Article: https://pecb.com/article Whitepaper: https://pecb.com/whitepaper ------------------------------------------------------------------------------- For more information about PECB: Website: https://pecb.com/ LinkedIn: https://www.linkedin.com/company/pecb/ Facebook: https://www.facebook.com/PECBInternational/ Slideshare: http://www.slideshare.net/PECBCERTIFICATION YouTube video: https://youtu.be/rsjwwF5zlK8

How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...

PECB

Student Information Session University KTMC

PECB

Integrating ISO/IEC 27001 and ISO 31000 can help organizations align their information security and risk management efforts with their overall business objectives, leading to more effective risk management and better decision-making. Amongst others, the webinar covers: • Aligning the ISMS process with ISO/IEC 27001 • Using ISO 31000 within the ISMS • Aligning the RM process with ISO 31000 • How/where does ISO/IEC 27001 fit? Presenters: Nick Riemsdijk As a highly experienced and multi-skilled leader in Information and Physical Security, Nick is known as a collaborative, focused, driven and highly analytical individual with a broad portfolio of successes in client engagements. His expertise spans devising, implementing, managing and delivering information security, physical security, organizational resilience and facilities management solutions for organizations. He is certified as a Certified Information Security Manager (CISM), Certified Protection Professional (CPP), in Project Management (Prince2), ISO 22301 (Business Continuity), ISO 27001 (Information Security), and ISO 31000 (Risk Management). Rinske Geerlings Rinske is an internationally known consultant, speaker and certified Business Continuity, Information Security & Risk Management trainer. She was awarded Alumnus of the Year 2012 of Delft University, Australian Business Woman of the Year 2010-13 by BPW, Risk Consultant of the Year 2017 (RMIA/Australasia) and Outstanding Security Consultant 2019 Finalist (OSPAs) Rinske has consulted to the Department of Prime Minister & Cabinet, 15 Central Banks, APEC, BBC, Shell, Fuji Xerox, NIB Health Funds, ASIC, Departments of Defense, Immigration, Health, Industry, Education, Foreign Affairs and 100s of other public and private organizations across 5 continents. She has been changing the way organizations ‘plan for the unexpected’. Her facilitation skills enable organizations to achieve their own results and simplify their processes. She applies a fresh, energetic, fun, practical, easy-to-apply, innovative approach to BCM, Security, and Risk. Her 'alter ego' includes being a lead singer in SophieG Music and contributing to the global charity playing for Change, which provides music education to children in disadvantaged regions. Date: March 23, 2023 Find out more about ISO training and certification services Training: https://pecb.com/en/education-and-certification-for-individuals/iso-31000 https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001 Webinars: https://pecb.com/webinars Article: https://pecb.com/article Whitepaper: https://pecb.com/whitepaper ------------------------------------------------------------------------------- For more information about PECB: Website: https://pecb.com/ LinkedIn: https://www.linkedin.com/company/pecb/ Facebook: https://www.facebook.com/PECBInternational/ YouTube video: https://youtu.be/Xj0U2mbpZUs

Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...

PECB

Student Information Session University CREST ADVISORY AFRICA

PECB

Effective IT Governance requires proper Information Security practices to ensure that the organization's data is secure. On the other hand, Information Security policies and procedures must be aligned with the organization's overall IT Governance framework to ensure that security measures do not negatively impact business operations. Amongst others, the webinar covers: ▪ Bring Governance and InfoSec Together ▪ Answering WIIFM ▪ Business Terms Presenters: Dr. Edward Marchewka Dr. Edward Marchewka is a seasoned executive that has come up through the ranks in the IT vertical, expanding into information security, quality management, and strategic planning. Edward founded and serves as the Principal for 3LC Solutions, enabling YOU to Tell a Better Story in business, with our vCIO, vCISO, quality, and strategy consulting services, through metrics and relating risk to the business with our CHICAGO Metrics® SaaS solution. He has also held several roles leading information technology, most recently with Gift of Hope Organ and Tissue Donor Network, leading the Information and Technology Services department as the Director of IT, Data, and Security Services. Prior to Gift of Hope, he ran information security for Chicago Public Schools. Edward has earned a Doctorate of Business Administration from California Southern University and Masters’ degrees in Business Administration and Mathematics from Northern Illinois University. He earned Bachelors’ degrees in Liberal Studies and Nuclear Engineering Technologies from Thomas Edison State College, N.J. Edward maintains several active IT, security, and professional certifications from (ISC)2, ASQ, ITIL, PCI, PMI, ISACA, Microsoft, and CompTIA. He has held legacy IT certifications from Cisco and HP, and a designation from the National Security Agency. Date: February 22, 2023 ------------------------------------------------------------------------------- Find out more about ISO training and certification services Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-38500 https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001 Webinars: https://pecb.com/webinars Article: https://pecb.com/article Whitepaper: https://pecb.com/whitepaper ------------------------------------------------------------------------------- For more information about PECB: Website: https://pecb.com/ LinkedIn: https://www.linkedin.com/company/pecb/ Facebook: https://www.facebook.com/PECBInternational/ Slideshare: http://www.slideshare.net/PECBCERTIFICATION YouTube video: https://youtu.be/2bSbAdL5Idg

IT Governance and Information Security – How do they map?

PECB

Information Session University Egybyte.pptx

PECB

oin us as our Director for Business Mustafe Bislimi teams up with Dr. Obadare Peter Adewale, our academic partner Digital Encode Limited, to provide valuable information about our programs, admissions process and specialization and elective courses. Discover the opportunities available to you as a student at PECB University and get a firsthand look at what makes us a top choice for education. Whether you're a prospective student or simply curious about PECB University, don't miss this informative session! Subscribe to our channel and stay tuned for more videos. For inquiries regarding admission process contact us: university.studentaffairs@pecb.com -EMBA in Cybersecurity: https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbHJQUUpjMmY2NmcyeURhTzE5VlRSNjg2Y1hwd3xBQ3Jtc0tuLTZqdmZyWkc2VVNQV21YRTlKZUQ2SEtUenNXbzYyb1ZianV5cldDYTViWjZ1eVhCNWtxWHI3VTNwRS1BOE4wTERkZ3BtcndwM0sxdVoydWZYSXBkV2hYd2lwU0NLSTk5WERWMlhtVk1Ud2tuWTRjTQ&q=https%3A%2F%2Fpecb.university%2Fprograms%2Fmba-programs%2Fcybersecurity&v=3YJbbr708pk -EMBA in Business Continuity Management: https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa3JQTGVhd1VfeG1weWNzUzRrMmg2bk0tc3kxUXxBQ3Jtc0tsOVF5VG82TkhRU3R5TVRWWmdhMzBrSTU2eW9wby1OYWN4VTg5bkJBY0lhTmNsOFhETzB5cVp0WU8zbTQwTlZkdk9Dby1fSXdhWmRpZFFPUmk3NS1QOGpMOVBlaDFhVVpwa2JZMkxKNGRnTnppMm93SQ&q=https%3A%2F%2Fpecb.university%2Fprograms%2Fmba-programs%2Fbusiness-continuity-management&v=3YJbbr708pk -EMBA in Governance, Risk, and Compliance: https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbUplMGtjOFRWbzdGWERmdTR2QjdSbTBuQUxCd3xBQ3Jtc0tsNVdOU1p6UERWM3ZySE55V2FlWlJ1aFlzUU85VEt0aVRoR0hyTjNHbUNVYVMyb0lzTkZycUtJRzNxazlDWGRqTHZQMWJPZEYwbG1xWjVJN1JNOW1QUjJBZDY3NkU5LVl0b2xxOFpkZW1ZX2F3QmF5cw&q=https%3A%2F%2Fpecb.university%2Fprograms%2Fmba-programs%2Fgovernance-risk-compliance&v=3YJbbr708pk

Student Information Session University Digital Encode.pptx

PECB

Being aware of the trends that are expected to shape the digital landscape is an important step in ensuring the security of your data and online assets. Amongst others, the webinar covers: • Top Cyber Trends for 2023 • Cyber Insurance • Prioritization of Cyber Risk Presenters: Colleen Lennox Colleen Lennox is the Founder of Cyber Job Central, a newly formed job board dedicated to Cybersecurity job openings. Colleen has 25+ years in Technical Recruiting and loves to help other find their next great job! Madhu Maganti Madhu is a goal-oriented cybersecurity/IT advisory leader with more than 20 years of comprehensive experience leading high-performance teams with a proven track record of continuous improvement toward objectives. He is highly knowledgeable in both technical and business principles and processes. Madhu specializes in cybersecurity risk assessments, enterprise risk management, regulatory compliance, Sarbanes-Oxley (SOX) compliance and system and organization controls (SOC) reporting. Date: January 25, 2023 Tags: ISO, ISO/IEC 27032, Cybersecurity Management ------------------------------------------------------------------------------- Find out more about ISO training and certification services Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27032 https://pecb.com/article/cybersecurity-risk-assessment https://pecb.com/article/a-deeper-understanding-of-cybersecurity Webinars: https://pecb.com/webinars Article: https://pecb.com/article Whitepaper: https://pecb.com/whitepaper ------------------------------------------------------------------------------- For more information about PECB: Website: https://pecb.com/ LinkedIn: https://www.linkedin.com/company/pecb/ Facebook: https://www.facebook.com/PECBInternational/ Slideshare: http://www.slideshare.net/PECBCERTIFICATION YouTube video: https://youtu.be/BAAl_PI9uRc

Cybersecurity trends - What to expect in 2023

PECB

Several organizations are experiencing increased volatility in their security environment. A proper security management system can contribute to business resilience and to its credibility, hence, organizations should continually conduct security risk assessments in order to be able to better manage their security. Amongst others, the webinar covers: • What is ISO 28000:2022 • Why is it important and changes • How it operates • Benefits to implement this standard Presenters: Patrick Ben As a cybersecurity analyst, Patrick is highly skilled in identifying and mitigating security threats to computer systems and networks. With a strong background in computer science and a passion for staying up-to-date on the latest security trends, he is able to analyze and evaluate security risks and develop effective strategies to protect against them. I have experience working with a variety of security tools and technologies, including firewall configurations, intrusion detection systems, and network security protocols. Patrick is also proficient in coding languages such as Python and Java, which allows him to analyze and understand complex security systems at a deeper level. Overall, Patrick’s goal is to use his expertise and experience to help organizations and individuals protect their systems and data from security threats. He is excited to continue learning and growing in the field of cybersecurity and to make a positive impact in the world of information security. Date: December 14, 2022 ------------------------------------------------------------------------------- Find out more about ISO training and certification services Training: https://pecb.com/whitepaper/isoiec-270022022--information-security-cybersecurity-and-privacy-protection https://pecb.com/article/isoiec-27001---what-are-the-main-changes-in-2022 https://pecb.com/article/investing-in-information-security-awareness Webinars: https://pecb.com/webinars Article: https://pecb.com/article Whitepaper: https://pecb.com/whitepaper ------------------------------------------------------------------------------- For more information about PECB: Website: https://pecb.com/ LinkedIn: https://www.linkedin.com/company/pecb/ Facebook: https://www.facebook.com/PECBInternational/ Slideshare: http://www.slideshare.net/PECBCERTIFICATION Webinar: https://youtu.be/G2Ru7jiSRmE

ISO 28000:2022 – Reduce risks and improve the security management system

PECB

Organizations need to implement a risk management strategy in order to mitigate, and whenever possible, eliminate cyber risks and threats. ISO/IEC 27032 and ISO 31000 combined help you to manage cyber risks. Amongst others, the webinar covers: • ISO/IEC 27032 vs. ISO 31000 • IRTVH Assessment Framework Presenters: Sherifat Akinwonmi Sherifat is a Cyber Security professional with over 12 years of experience across diverse industries including Agriculture, Oil & Energy Services, Pharmaceuticals, Financial and IT services. She is part of the top 20 Canadian Women in Cybersecurity – ITWC. She is also a Business Information Security Officer (BISO) with one of the top banks in Northern America. Sherifat is member of several boards including the Advisory Board for Canadian Women in Cybersecurity, Girls & Women Technological Empowerment Organization (GWTEO). She has a great passion and interest in enabling women in their professional careers. She volunteers her time mentoring young people to launch their careers in Technology and supports the less privileged. Geary Sikich Geary Sikich is a Senior Crisis Management Consultant at Health Care Service Corporation (HCSC). Prior to joining HCSC, Geary was a Principal with Logical Management Systems, Corp., a management consulting, and executive education firm with a focus on enterprise risk management, contingency planning, executive education and issues analysis. Geary developed LMSCARVERtm the “Active Analysis” framework, which directly links key value drivers to operating processes and activities. LMSCARVERtm provides a framework that enables a progressive approach to business planning, scenario planning, performance assessment and goal setting. Prior to founding Logical Management Systems, Corp. in 1985 Geary held a number of senior operational management positions in a variety of industry sectors. Geary served in the U.S. Army; responsible for the initial concept design and testing of the U.S. Army's National Training Center and other related activities. Geary holds a M.Ed. in Counseling and Guidance from the University of Texas at El Paso and a B.S. in Criminology from Indiana State University. Geary has developed and taught courses for Norwich University, University of Nevada Reno, George Washington University and University of California Berkley. He is active in Executive Education, where he has developed and delivered courses in enterprise risk management, contingency planning, performance management and analytics. Geary is a frequent speaker on business continuity issues business performance management. Date: October 12, 2022

ISO/IEC 27032 vs. ISO 31000 – How do they help towards Cybersecurity Risk Man...

PECB

An organization should enable continual operation of its information security after each incident. That means that information security and business continuity have one thing in common, which is the protection of the availability of information. Amongst others, the webinar covers: • ISO27001 ‘Information Security Management System’ Overview • ISO22301 ‘Business Continuity Management System’ Overview • Improving an ISO27001 Continuity Plan with ISO22301 Presenters: Rod Crowder Rod is the Founder, Managing Director & Principal Consultant of OpsCentre, a boutique provider of: Risk Management, Crisis and Business Continuity, IT Disaster Recovery, Information Security and IT Service Management Consultancy & Training. He is the Australia and New Zealand Country Representative & the Lead Instructor for Disaster Recovery Institute International, the oldest and largest NFP organization serving resilience professionals. He has over 25 years experience in Risk, Resilience, BCP, ITDRP & Information Security projects across Asia Pacific, for 140+ clients and over 420 client consultancy projects. He chairs the Adaptive Business Continuity Advisory Group; an international think-tank committed to developing new resilience and business continuity methodologies and practices. Rudy Shoushany Rudy is a motivational digital leader and Keynote speaker. He has a wide experience in Digital transformation in the financial sector Field, with over 22 years of experience in assisting organizations. His specialty ICT Strategies in Digital Transformation, Governance, Compliance, Blockchain, and CyberSecurity. Rudy is a Certified professional with many achievements and awards skilled in executive leadership & Coaching by PWC. Graduated from University of South Africa, with Certification from Stanford in Cybersecurity Strategies and Boston University in Digital Transformation. Rudy has been lately selected to be on the Forbes Technology Council and selected as top 25 Global Thought leader and Influencer in Technology and Top 100 Leaders in Governance in the digital transformation innovations. He serves as Board Member, coach, Judge and mentor for different Organizations and startups. Date: September 14, 2022 Find out more about ISO training and certification services Training: https://pecb.com/whitepaper/isoiec-270022022--information-security-cybersecurity-and-privacy-protection https://pecb.com/article/business-continuity-management-advice-for-employers--covid-19-coronavirus-outbreak https://pecb.com/article/investing-in-information-security-awareness Webinars: https://pecb.com/webinars

ISO/IEC 27001 and ISO 22301: How do they map?

PECB

More from PECB (20)