Master the fundamental principles and concepts of Risk Assessment and Optimal Risk Management in Information Security based on ISO/IEC 27005
ISO/IEC 27005 Lead Risk Manager training enables you to acquire the necessary expertise to support an organization in the risk management process related to all assets of relevance for Information Security using the ISO/IEC 27005 standard as a reference framework. During this training course, you will gain a comprehensive knowledge of a process model for designing and developing an Information Security Risk Management program. The training also provides a thorough understanding of best practices in risk assessment methods such as OCTAVE, EBIOS, MEHARI and harmonized TRA. This training course supports the implementation process of the ISMS framework presented in the ISO/IEC 27001 standard.
After mastering all the necessary concepts of Information Security Risk Management based on ISO/IEC 27005, you can sit for the exam and apply for a “PECB Certified ISO/IEC 27005 Lead Risk Manager” credential. By holding a PECB Lead Risk Manager Certificate, you will be able to demonstrate that you have the practical knowledge and professional capabilities to support and lead a team in managing Information Security Risks.
Introduction to ISO 27005, concepts and implementation of a risk management program
Course objectives and structure
Standard and regulatory framework
Concepts and definitions of risk
Implementing a risk management programme
Risk identification, evaluation, and treatment as specified in ISO 27005
Risk Assessment with a quantitative method
Information Security Risk Acceptance, Communication, Consultation, Monitoring and Review
Information security risk acceptance
Information security risk communication and consultation
Information security risk monitoring and review
Risk Assessment Methodologies
Harmonized Threat and Risk Assessment (TRA) Method
Applying for certification and closing the training
Who should attend?
Information Security risk managers
Information Security team members
Individuals responsible for Information Security, compliance, and risk within an organization
Individuals implementing ISO/IEC 27001, seeking to comply with ISO/IEC 27001 or individuals who are involved in a risk management program
Information Security officers
Master the concepts, approaches, methods and techniques that enable an effective risk management process based on ISO/IEC 27005
Acknowledge the correlation between Information Security risk management and security controls
Learn how to interpret the requirements of ISO/IEC 27001 in Information Security Risk Management
Acquire the competence and skills to effectively advise organizations on Information Security Risk Management best practices
Acquire the knowledge necessary for the implementation, management and maintenance of an ongoing risk management program
Duration: 3 hours
The “PECB Certified ISO/IEC 27005 Lead Risk Manager” exam fully meets the requirements of the PECB Examination and Certification Programme (ECP). The exam covers the following competency domains:
Domain 1: Fundamental principles and concepts of Information Security Risk Management
Domain 2: Implementation of an Information Security Risk Management program
Domain 3: Information security risk assessment
Domain 4: Information security risk treatment
Domain 5: Information security risk communication, monitoring and improvement
Domain 6: Information security risk assessment methodologies
After successfully completing the exam, you can apply for the credentials shown on the table below. You will receive a certificate once you comply with all the requirements related to the selected credential.