ISO/IEC 27005 Risk Manager
Course Outline
The ISO/IEC 27005 Risk Manager training course is delivered over three days, each focusing on a key aspect of information security risk management. Day 1 introduces the fundamentals of ISO/IEC 27005 and provides an overview of risk management concepts, principles, and frameworks. Participants gain an understanding of how ISO/IEC 27005 aligns with ISO 31000 and supports effective information security management within an organisation.
Day 2 explores the processes of risk assessment, risk treatment, and risk communication and consultation. Through practical exercises and discussions, participants learn how to identify, evaluate, and address risks while ensuring clear communication and stakeholder engagement throughout the process. Day 3 focuses on risk recording and reporting, as well as the ongoing monitoring and review of the risk management process. Participants are also introduced to widely used risk assessment methods such as OCTAVE, MEHARI, EBIOS, NIST, CRAMM, and Harmonised TRA, ensuring they are equipped to apply best practices in various organisational contexts.
Prerequisites
Participants who attend this training course need to have a fundamental understanding of information security concepts and ISO/IEC 27001 requirements.
Learning Objectives
Upon successful completion of the ISO/IEC 27005 Foundation course, participants will be able to describe the key concepts, principles, and definitions related to information security risk management, providing a solid foundation for applying risk management practices effectively. Participants will also be able to interpret the guidelines of ISO/IEC 27005, enabling them to manage information security risks in accordance with the standard. Finally, attendees will gain the ability to identify and apply approaches, methods, and techniques for implementing and managing an information security risk management programme within their organisation.
Why Should You Attend?
The ISO/IEC 27005 Risk Manager training course offers comprehensive guidance on the principles and practices of information security risk management as outlined in ISO/IEC 27005 and ISO 31000. It equips participants with the knowledge and skills required to identify, evaluate, analyse, treat, and communicate information security risks effectively. In addition, the course introduces participants to widely recognised risk assessment methods, including OCTAVE, MEHARI, EBIOS, NIST, CRAMM, and Harmonised TRA, providing a well-rounded understanding of industry best practices.
Earning the PECB ISO/IEC 27005 Risk Manager certification demonstrates your understanding of key risk management concepts and principles and your ability to apply them in real-world situations. The course concludes with an examination, and successful candidates can apply for the “PECB Certified ISO/IEC 27005 Risk Manager” credential — a globally recognised certification that validates your expertise in managing information security risks.
Who Should Attend?
The ISO/IEC 27005 Risk Manager training course is designed for professionals involved in the management and protection of information security within their organisations. It is particularly suited for managers and consultants responsible for implementing or overseeing information security frameworks and ensuring that effective risk management practices are in place. The course is also ideal for individuals directly responsible for identifying, assessing, and managing information security risks, including members of information security teams, IT professionals, and privacy officers who play a key role in maintaining organisational resilience. Additionally, it benefits those tasked with ensuring compliance with the information security requirements of ISO/IEC 27001, as well as project managers, consultants, and expert advisers aiming to deepen their understanding of information security risk management and strengthen their ability to lead risk-based initiatives.
General Information
The certification and examination fees are included in the cost of the ISO/IEC 27005 Risk Manager training course, ensuring that participants can focus entirely on their learning and professional development. Each participant will receive comprehensive training materials consisting of over 350 pages of detailed information, practical examples, and useful resources designed to support their understanding of ISO/IEC 27005 and its application in real-world scenarios. Upon successful completion of the course, participants will be awarded an attestation of course completion worth 21 Continuing Professional Development (CPD) credits, recognising their achievement and commitment to professional growth. In the event that a participant does not pass the exam on their first attempt, they will have the opportunity to retake it once free of charge within 12 months of the initial exam date.
Examination & Certification
The PECB Certified ISO/IEC 27005 Risk Manager exam fully complies with the requirements of the PECB Examination and Certification Programme (ECP). The exam assesses participants across four key competency domains. The first domain focuses on the fundamental principles and concepts of information security risk management, while the second covers the implementation of an information security risk management programme. The third domain evaluates understanding of the risk management framework and processes based on ISO/IEC 27005, and the fourth explores other recognised information security risk assessment methods.
After successfully completing the exam, candidates may apply for one of three available credentials, depending on their professional experience and practical engagement in risk management activities. The PECB Certified ISO/IEC 27005 Provisional Risk Manager credential requires no prior professional experience or practical hours but does require signing the PECB Code of Ethics. The PECB Certified ISO/IEC 27005 Risk Manager credential requires two years of professional experience, including at least one year in information security risk management and a minimum of 200 hours of related activities. For those with extensive experience, the PECB Certified ISO/IEC 27005 Senior Risk Manager credential requires ten years of professional experience, including seven years in information security risk management and at least 1,000 hours of practical engagement.
To qualify, information security risk management activities must adhere to best implementation and management practices. These include defining a risk management approach, determining objectives and scope, conducting risk assessments, developing and implementing risk management programmes, setting evaluation and acceptance criteria, evaluating treatment options, and continuously monitoring and reviewing the risk management process.
Dates & Locations
The course will be delivered live online via Microsoft Teams, offering a flexible and accessible learning experience. Participants can join from any location, gaining the benefits of interactive, instructor-led training without the need for travel. Dates are scheduled throughout the year. See the scheduled dates above or contact us to enquire about alternative dates.