Project and Processes Management

ISO/IEC 27005 Risk Manager

Target Audience

This training course is intended for:

  • Managers or consultants involved in or responsible for information security in an organization
  • Individuals responsible for managing information security risks
  • Members of information security teams, IT professionals, and privacy officers
  • Individuals responsible for maintaining conformity with the information security requirements of ISO/IEC 27001 in an organization
  • Project managers, consultants, or expert advisers seeking to master the management of information security risks

Skills Gained

Upon the successful completion of this training course, you will be able to:

  • Explain the risk management concepts and principles outlined by ISO/IEC 27005 and ISO 31000
  • Establish, maintain, and improve an information security risk management framework based on the guidelines of ISO/IEC 27005
  • Apply information security risk management processes based on the guidelines of ISO/IEC 27005
  • Plan and establish risk communication and consultation activities

Certificate and Exam

  • After successfully completing the exam, you can apply for one of the credentials shown in the table below. You will receive a certificate once you meet the requirements related to the selected credential.

    Credential                                              | Exam                                                          | Professional experience                          | Information Security Risk Management experience                      | Other requirements
    --------------------------------------------------------|---------------------------------------------------------------|--------------------------------------------------|----------------------------------------------------------------------|----------------------------------
    PECB Certified ISO/IEC 27005 Provisional Risk Manager   | PECB Certified ISO/IEC 27005 Risk Manager exam or equivalent  | None                                             | None                                                                 | Signing the PECB Code of Ethics
    PECB Certified ISO/IEC 27005 Risk Manager               | PECB Certified ISO/IEC 27005 Risk Manager exam or equivalent  | Two years: One year of work experience in ISRM   | Information Security Risk Management activities: a total of 200 hours | Signing the PECB Code of Ethics

    To be considered valid, these information security activities should follow best implementation and management practices and include the following:

    1. Defining a risk management approach
    2. Determining the risk management objectives and scope
    3. Conducting a risk assessment
    4. Developing a risk management program
    5. Defining risk evaluation and risk acceptance criteria
    6. Evaluating risk treatment options
    7. Monitoring and reviewing the risk management program

    For more information about ISO/IEC 27005 certifications and the PECB Certification process, please refer to Certification Rules and Policies.

Topics Covered