Risk Management: Certified ISO 27005 Risk Manager


Program Description

ISO 27005 Risk Manager mode of study

  • Option 1: Public course 3-day ISO 27005 Risk Manager certification programme
  • Option 2: In-house training

Risk Management according to ISO 27005

The purpose of ISO 27005 (latest update) is to provide guidelines for Information Security Risk Management. ISO 27005 supports the general concepts specified in ISO 27001 and is designed to assist the satisfactory implementation of Information Security based on a Risk Management approach. ISO 27005 does not specify or recommend any specific risk analysis method, although it does specify a structured, systematic and rigorous process from analyzing risks to creating the risk treatment plan.

The 3-day Certified ISO 27005 Risk Manager training offers you knowledge of the concepts, models, processes and terminologies, described in ISO 27001 and ISO 27002, important for a complete understanding of the international ISO 27005 standard.

ISO 27005:2011

The ISO 27000 series is an international information security standard published by ISO (International Organization for Standardization). The ISO 27005 standard was published in June 2008. In 2011 a new version of ISO 27005 was released by ISO, ISO 27005:2011.

Risk Management is critical to good business governance!

The essential international ISO 27005 standard helps organisations with advice on the why what and how of managing information security risks in support of their governance objectives.

In this intensive 3-day Certified Risk Manager training, you develop the competence to master the basic risk management elements related to all assets of relevance for information security using the ISO 27005 standard as a reference framework.

What will you learn in the Certified ISO 27005 Risk Manager training?

  • You will acquire the knowledge necessary for the implementation, management and maintenance of an ongoing Risk Management program.
  • You will understand the concepts, approaches, standards, methods and techniques, allowing an effective management of risk according to ISO 27005.
  • You will understand the relationship between the Information Security Management System (ISMS) (including Risk Management), the security controls and how to comply with the requirements of different stakeholders of your organization.
  • How to interpret the requirements of ISO 27001 on Information Security Risk Management.
  • How to acquire the competence to implement, maintain and manage an ongoing Information Security Risk Management program according to ISO 27005.
  • You will acquire the competence to effectively advise organisations / your organization on the best practices in Information Security Risk Management.

Based on practical exercises and case studies, you acquire the necessary knowledge and skills to perform an optimal Information Security Risk Assessment and manage risks in time by being familiar with their lifecycle. You will learn the different methods of risk assessment used on the market e.g.: CRAMM, EBIOS, MEHARI, OCTAVE and Microsoft Security Risk Management Guide.

Risk Management training - educational approach

The 3-day Risk Manager training is based on both theory and practice. Sessions of lectures are illustrated with examples based on real cases. There are lots of review exercises to assist with exam preparation.

Risk Management training - target group

ISO 27005 is an essential standard for those who want to manage their risks effectively and is, in particular, a must for those who want to comply with the popular Information Security Management systems standard ISO 27001.

The international standard ISO 27005 is applicable to all types of organisations (e.g. commercial enterprises, government agencies, non-profit organizations) that intend to manage the risks that could compromise their organisation's information security.

Who should participate?

Risk managers, information security managers, IT consultants, staff implementing or seeking to comply with ISO 27001 c.q. ISO 27005 or are involved in a Risk Management program.

Risk Management training - limited number of participants

To benefit from the practical exercises, the number of training participants is limited.

ISO 27005 Risk Manager training - prerequisites

There are no specific prerequisites for understanding the Risk Management programme and successfully pass the ISO 27005 Risk Manager exam.

Certified ISO 27005 Risk Manager examination and certification

The Certified ISO 27005 Risk Manager exam fully meets the requirements of the PECB Examination and certification programme. The exam covers the following competency domains:

  • Domain 1
    Fundamental concepts, approaches, methods and techniques of risk management.
  • Domain 2
    Implementation of a risk management program.
  • Domain 3
    Information security risk assessment based on ISO 27000.

The Certified ISO 27005 Risk Manager exam is available in different languages. A certificate of ISO 27005 Risk Manager will be issued to participants who successfully pass the exam and comply with all other requirements related to this credential.

About PECB (Professional Evaluation and Certification Board)

Founded in 2005, PCEB Inc. is a personnel certification body for various standards, including ISO 9001, ISO 14001, ISO 2000, ISO 27001, ISO 27005, BS 25999 and ISO 31000.

Who is your trainer?

The Risk Management training - Certified ISO 27005 Risk Manager is given by a well-experienced trainer.

Risk Management training - general information

A student manual containing all information and practical examples will be distributed. A participation certificate of 21 CPE (Continuing Professional Education) credits will be issued to the participants.


Do you prefer an in-house Certified ISO 27005 Risk Manager training?
With at least 5 persons an in-house training on Certified ISO 27005 Risk Manager could be your best choice. An in-company training has several advantages. The in-house Certified ISO 27005 Risk Manager training:

  • saves you time and money;
  • enables you to train in the comfort of your own working environment;
  • can be arranged for groups of 5 people or more;
  • will take place at a time chosen by and convenient to you; and
  • sensitive issues can be openly discussed because there are no outsiders.


DAY I Introduction, Risk Management program, risk identification and assessment according to ISO 27005

  • Concepts and definitions related to Risk Management
  • Risk Management standards, frameworks and methodologies
  • Implementation of an Information Security Risk Management program
  • Risk analysis (identification and estimation)

DAY II Risk evaluation, treatment, acceptance, communication and surveillance according to ISO 27005

  • Risk assessment
  • Risk treatment
  • Acceptance of Information Security Risks and Management of residual risks
  • Information Security Risk communication
  • Information Security Risk monitoring and review

DAY III Introduction to methods of risk assessment

  • Introduction to CRAMM (CCTA Risk Analysis and Management Method)
  • Introduction to EBIOS (Expression des Besoins et Identification des Objectifs de Security©)
  • Introduction to MEHARI (MEthode Harmonise d'Analyse de RIsques)
  • Introduction to OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation)
  • Introduction to Microsoft Security Risk Management
  • ISO 27005 Certified Risk Manager exam
Last updated Apr 2018

About the School

IMF Academy is part of International Management Forum (IMF), an independent publisher and training organisation focusing on business information for higher-educated managers and decision makers in lar ... Read More

IMF Academy is part of International Management Forum (IMF), an independent publisher and training organisation focusing on business information for higher-educated managers and decision makers in large and middle-sized organisations. Read less
Eindhoven , Amsterdam , Leiden , Utrecht , Brussels + 4 More Less