Introduction
The ISO/IEC 27005 Risk Manager eLearning training course provides valuable information on risk management concepts and principles outlined by ISO/IEC 27005 and also ISO 31000. The training course provides participants with the necessary knowledge and skills to identify, evaluate, analyze, treat, and communicate information security risks based on ISO/IEC 27005. Furthermore, the training course provides an overview of other best risk assessment methods, such as OCTAVE, MEHARI, EBIOS, NIST, CRAMM, and Harmonized TRA.
Audience profile
- Managers or consultants involved in or responsible for information security in an organization
- Individuals responsible for managing information security risks
- Members of information security teams, IT professionals, and privacy officers
- Individuals responsible for maintaining conformity with the information security requirements of ISO/IEC 27001in an organization
- Project managers, consultants, or expert advisers seeking to master the management of information security risks
Pre-requisites
General knowledge of Information Security Risk Management.
Course objectives
- Understand fundamental risk management concepts, approaches, methods, and techniques
- Learn how to establish a risk management framework in the context of an organization
- Understand and interpret the requirements of ISO 31000 in the specific context of an organization.
- Understand the basic approaches, methods, and practices used to integrate risk management in an organization’s key and daily operation
eLearning experience
The ISO/IEC 27005 Risk Manager eLearning training course is delivered on the KATE app. It becomes available after you log in using your PECB account.
In addition to having the training course content in the video format, you can also access the regular training course materials format, structured in training course days, with the additional files available in an editable format (depending on the training course, the case study, exercises, and correction key files will also be available).
Additionally, quizzes are part of the training course to increase interactivity between attendants and the training material.
- Take the training course
- Access the materials on KATE
- Take the exam at your most convenient date, time, and location via PECB Exams
Course content
| Section 1: Training course objectives and structure |
| Section 2: Standards and regulatory frameworks |
| Section 3: Fundamental concepts and principles of information security risk |
| Section 4: Information security risk management program |
| Section 5: Context establishment |
| Section 6: Risk identification |
| Section 7: Risk analysis |
| Section 8: Risk evaluation |
| Section 9: Risk treatment |
| Section 10: Information security risk communication and consultation |
| Section 11: Information security risk recording and reporting |
| Section 12: Information security risk monitoring and review |
| Section 13: OCTAVE and MEHARI methodologies |
| Section 14: EBIOS method and NIST framework |
| Section 15: CRAMM and TRA methods |
| Section 16: Closing of the training course |
Associated certifications and exam
The “PECB Certified ISO 31000 Risk Manager” exam meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competency domains:
- Domain 1: Fundamental principles and concepts of risk management
- Domain 2: Implementation of an information security risk management program
- Domain 3: Information security risk management framework and processes based on ISO/IEC 27005
- Domain 4: Other information security risk assessment methods
Certificate requirements
After successfully passing the exam, you can apply for one of the credentials shown below. You will receive the certificate once you comply with all the requirements related to the selected credential.
| Credential |
Exam |
Professional experience |
Information Security Risk Management experience |
Other requirements |
| PECB Certified ISO/IEC 27005
Provisional Risk Manager |
PECB Certified ISO/IEC 27005 Risk
Manager exam or equivalent |
None |
None |
Signing the PECB Code of Ethics |
| PECB Certified ISO/IEC 27005
Risk Manager |
PECB Certified ISO/IEC 27005 Risk
Manager exam or equivalent |
Two years: One year of work
experience in ISRM |
Information Security Risk Management activities: a total of 200 hours |
Signing the PECB Code of Ethics |
General information:
- Certification fees are included in the exam price
- Participants of the training course will receive over 350 pages of training materials, containing valuable information and practical examples
- Participants of the training course will receive an attestation of course completion worth 21 CPD (Continuing Professional Development) credits
- Participants who have completed the training course and failed to pass the exam, are eligible to retake it once for free within a 12-month period from the initial date of the exam
