ISO/IEC 27005 Risk Manager: Information Security Risk Management
Today, knowing and managing risks related to information systems (IS) security is essential for the smooth operation of any organization. Even the smallest incident can have critical consequences for a business. For this reason, it is important to be trained on the ISO/IEC 27005 standard in order to become a certified risk manager.
Our training will provide you with all the necessary skills to master the assets and processes related to information security, in compliance with the ISO/IEC 27005:2022 standard. You will also explore other risk management methods such as OCTAVE, EBIOS, MEHARI, and the EMR method. This training is also highly relevant if you wish to implement an Information Security Management System (ISMS) in line with the ISO/IEC 27001:2022 standard.
At the end of this training, you will take the ISO/IEC 27005 Risk Manager exam. Passing this exam will validate your knowledge and skills and enable you to obtain one of the PECB titles, such as PECB Certified ISO/IEC 27005 Provisional Manager, which does not require any prior professional experience (more information in the Certification section).
Objectives
By the end of the ISO/IEC 27005 Risk Manager training, you will be able to:
- Understand security measures related to information risk management
- Acquire the principles, methodology, and techniques of risk management in compliance with the ISO/IEC 27005:2022 standard
- Understand and apply the rules of the ISO/IEC 27001:2022 standard within information security risk management
- Advise organizations on the most effective risk management practices in the field of information security
- Successfully pass the PECB ISO/IEC 27005:2022 Risk Manager exam and obtain one of the three associated qualifications
Program
Note: The course materials and the PECB ISO/IEC 27005 Risk Manager exam are available in both French and English.
Day 1: Introduction to Risk Management and the ISO/IEC 27005 Standard
- Introduction Round
  - Individual introductions
  - Exploration of participants’ expectations and objectives
- Introduction to the training framework
  - Alignment with specific goals and challenges
  - Identification of participants’ expectations and perspectives
- Understanding and defining risk
- Understanding the ISO/IEC 27005:2022 standard
- Identifying critical business processes
- Establishing a risk management program
Day 2: Implementing the Risk Management Process According to ISO/IEC 27005
- Identifying risks
- Analyzing and evaluating risks
- Using the quantitative method to assess risks
- Treating risks
- Accepting and managing residual risks
- Communicating about information security risks
- Monitoring and reviewing risks
Day 3: Overview of Other Information Security Risk Assessment Methods
- OCTAVE method
- MEHARI method
- EBIOS method
- Harmonized EMR methodology
- Exam preparation
  - Review of key points covered throughout the training
  - Detailed presentation of the exam (structure, format, and topics)
  - Tips and strategies for success (methodology, time management, etc.)
Prerequisites
Attending this training requires the following prerequisite:
- A good knowledge of the ISO/IEC 27005 standard as well as methods for assessing information security risks.
Audience
This training is intended for the following audiences:
- Managers and team members involved in information security, compliance, and risk management
- Individuals involved in the implementation and compliance of the ISO/IEC 27001 standard within an organization
- Any IT or data protection professional or consultant
Highlights
- Practical exercises based on real case studies with 350 pages of documentation
- 21 CPD credits
- PECB certification exam included in the training fee
- Free retake within 12 months in case of failure
Certification
This training enables you to take the PECB Certified ISO/IEC 27005 Risk Manager professional certification exam. A coupon code will be provided at the end of the course so that you can schedule your exam online.
Exam details:
The PECB ISO/IEC 27005 Risk Manager exam, available in French or English, consists of 80 multiple-choice questions to be completed within a maximum of 2 hours. It is aligned with the requirements of the PECB Examination and Certification Program and covers the following areas of competence:
- Fundamental principles and concepts of information security risk management
- Implementation of an information security risk management program
- The risk management process and framework according to the ISO/IEC 27005:2022 standard
- Other methods of information security risk assessment
Upon successful completion of your exam, you may apply for one of the three following qualifications, depending on your professional experience:
| Qualifications | Exam | Professional experience | Information security risk management experience | Other requirements |
|---|---|---|---|---|
| PECB Certified ISO/IEC 27005:2022 Provisional Risk Manager | PECB Certified ISO/IEC 27005:2022 Risk Manager exam or equivalent | None | None | Signing the PECB Code of Ethics |
| PECB Certified ISO/IEC 27005:2022 Risk Manager | PECB Certified ISO/IEC 27005:2022 Risk Manager exam or equivalent | 2 years, including 1 year of risk management experience | Risk management activities totaling 200 hours | Signing the PECB Code of Ethics |
| PECB Certified ISO/IEC 27005:2022 Senior Risk Manager | PECB Certified ISO/IEC 27005:2022 Risk Manager exam or equivalent | 10 years, including 7 years of risk management experience | Risk management activities totaling 1000 hours | Signing the PECB Code of Ethics |
For more details on the conditions, please refer to the PECB Examination Rules and the PECB Certification Rules.