Information Security Risk Assessment in Civil Aviation
Description: After completing the course, participants will be able to demonstrate the following competences:
- Ability to plan and perform risk assessments aligned with ISO/IEC 27005 and ISO 31000,
- Competence in identifying information assets, threats, vulnerabilities, and impacts,
- Skill in evaluating likelihood and consequences to determine risk levels,
- Capability to select and justify appropriate risk treatment measures,
- Proficiency in documenting and presenting risk analysis outcomes to management and regulators.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:
- Basic understanding of ISO/IEC 27001 and risk-related terminology,
- Familiarity with aviation safety, ISMS structure, and typical ICT threats,
- Awareness of regulatory and operational environments in civil aviation.
Teaching requirements: Trainers should meet the following requirements:
- Subject Matter Expertise: Expertise in ISO/IEC 27005, ISO/IEC 27001, ISO 31000, and familiarity with EASA PART-IS requirements for risk analysis in aviation.
- Certifications: Recommended credentials include ISO/IEC 27001 Lead Implementer or Lead Risk Manager, and practical experience with risk assessments in the aviation sector.
- Training & Practical Experience: Minimum 2–3 years of practical experience in performing and guiding information security risk assessments, particularly in aviation or regulated industries.
Objectives to achieve: The course aims to achieve the following objectives:
- Understand the principles and regulatory requirements for conducting risk assessments in accordance with ISO/IEC 27005 and EASA PART-IS,
- Develop the ability to define risk criteria and context relevant to aviation organizations,
- Learn to identify, analyze, evaluate, and treat risks using structured and repeatable approaches,
- Gain skills to document risk registers, communicate results, and support decision-making,
- Enable participants to align risk analysis results with ISMS objectives, business goals, and regulatory expectations.


