ISO/IEC 27005 Foundation

ISO/IEC 27005 Foundation is a two-day training course that focuses on the information security risk management process introduced by ISO/IEC 27005 and the structure of the standard. It provides an overview of the guidelines of ISO/IEC 27005 for managing information security risks, including context establishment, risk assessment, risk treatment, communication and consultation, recording and reporting, and monitoring and review. 

After attending the training course, you can sit for the exam. If you successfully pass the exam, you can apply for the “PECB Certificate Holder in ISO/IEC 27005 Foundation” designation. This certificate demonstrates that you have a general knowledge of ISO/IEC 27005 guidelines for information security risk management.

The training course is participant centered and:

• Contains lecture sessions illustrated with examples and discussions
• Encourages interaction between participants by means of questions and suggestions
• Includes quizzes with similar structure to the exam 

There are no prerequisites to participate in this training course.

• Risk management professionals
• Professionals wishing to get acquainted with the guidelines of ISO/IEC 27005 for information security risk management
• Personnel tasked with managing information security risks in their area of responsibility
• Individuals interested in pursuing a career in information security risk managementrisk management program

Day 1: Introduction to ISO/IEC 27005 and fundamental concepts of information security risk management 
Day 2: Information security risk management and certificate exam

The exam fully meets the requirements of the PECB Examination and Certificate Programme. It covers the following competency domains:

• Fundamental concepts of information security risk management
• Information security risk management approaches and processes

For specific information about exam type, languages available, and other details, please visit the List of PECB Exams and the Examination Rules and Policies.

• Certificate and examination fees are included in the price of the training course.
• Training material containing over 200 pages of information and practical examples will be distributed.
• An attestation of course completion worth 14 CPD (Continuing Professional Development) credits will be issued to the participants who have attended the training course. 
• In case of exam failure, you can retake the exam within 12 months for free. 

• Describe the main risk management concepts, principles, and definitions 
• Interpret the guidelines of ISO/IEC 27005 for managing information security risks
• Identify approaches, methods, and techniques used for the implementation and management of an information security risk management program