ISO/IEC 27005:2022 Risk Manager

Become confident in practical risk management based on 27005:2022.

Provided by: PECB
Formats: Online
Category: Information security
Duration: 3 days
Languages: English
Course Certificates: Yes
The course can be completed on a mobile phone, tablet or computer. Try one of our demo courses here.

Audience
The course is aimed at people with responsibility for, or interest in, information security and risk management. It is suitable for IT managers, security officers, risk managers, information security team members, consultants, compliance officers, privacy officers, project managers and advisors who will contribute to the establishment, operation or improvement of risk management and security programs in the organization. The course is also relevant for those who want insight into how risk management processes can support an information security management system (ISMS).

Learning objectives
Participants will gain a thorough understanding of the concepts, principles and structure of risk management in the field of information security according to the ISO/IEC 27005 standard, including how it builds on or supplements the guidelines of ISO 31000. They will learn methods and processes for risk assessment, risk management, risk communication and consultation, risk registration, reporting, monitoring and review. They will also gain insight into several established risk assessment methods (such as OCTAVE, EBIOS, MEHARI, NIST Risk Management Framework, CRAMM and harmonized TRA) so that they can assess which method is best suited for their business.

After completing the course you will be able to

  • Explain basic principles and concepts of information security risk management according to ISO/IEC 27005 and ISO 31000
  • Establish, maintain and improve a risk management framework adapted to the context of the organization
  • Plan and implement risk assessment and risk management, including identification, analysis, assessment and management of risks
  • Implement risk communication, consultation, registration, reporting, monitoring and continuous follow-up of the risk management process
  • Select and apply appropriate risk assessment methods (qualitative/quantitative), and integrate risk management with the organization's other management systems/ISMS
  • Advise and support the organization with the creation and management of information security risks

See accompanying documents and guidance for this course on this page. Please contact us if you have any other questions.

Read more about the course on the PECB website, or download the updated brochure for this course here.

Select the time and fill in the necessary information marked with an asterisk in the form. We will contact you as soon as we can to confirm your registration. If you register someone other than yourself, enter your own contact information.

PECB courses are conducted in PECB's own learning portal, with presentations, materials for self-study and video where available. After payment, you sign up for the course and receive an email from PECB with a registration link, normally within 24 hours of booking.

The price for courses (self-study and e-learning) includes one year of access. During this period, the examination, one new exam if necessary, as well as the issuance of a certificate are included.

If you choose not to attend courses and only want to take the exam, the exam and certificate must be paid for separately. The payment is made directly to PECB.
