This module introduces the basic principles, standards, legislation, policies, rationale and requirements of an Information Security Management System based on the ISO/IEC 27000x standards. Since risk management is part of the requirements of an ISMS, this module also aims to provide the basic principles, phases and methodologies for implementing it. Mitigation Actions (technical and non-technical) and procedures will be introduced, assessed and evaluated, as well as development of security reports.

Trainer

Shareeful Islam, Security Labs Consulting

Session Details

  1. Session Title:
    Cyber Security Risk and Vulnerability Management
  2. Session Description:
    This section provides an overview of cybersecurity risk management and enables learners to understand the threats, vulnerabilities, risks and mitigation actions needed to secure systems and infrastructure.
    Key topics include:
    Risk management overview
    Open intelligence, i.e., CVE, CVSS, NVD and CAPEC
    Cyber-attack path discovery
    Asset inventory, vulnerability chain and risk register
  3. Key Learning Objectives:
    Demonstrate an in-depth understanding of cyber security risk management
    Critically assess and report security risk and suggest a suitable mitigation strategy in a professional manner

Lab Details

  1. Lab Title:
    Hands on Risk Management
  2. Lab Description:
    This session provides hands-on practice in assessing risk and developing a risk register.
  3. Key Learning Objectives:
    Assess risk and develop a risk register
  4. Tools/Software Required:
    MITIGATE risk management tool
    Open intelligence: CVE, CAPEC

The module provides an understanding of the underlying properties and principles of cybersecurity risk management, with particular focus on the energy sector. It offers learners the opportunity to understand and adopt the relevant risk management and governance standards in the energy domain.

This work has been funded by the European Union. Views and opinions expressed are however those of the authors only and do not necessarily reflect those of the European Union or the Health and Digital Executive Agency (HADEA).