Course description
The ISO/IEC 27005 Risk Manager training course provides valuable information on the risk management concepts and principles outlined by ISO/IEC 27005 and ISO 31000. The training course provides participants with the necessary knowledge and skills to identify, evaluate, analyze, treat, and communicate information security risks based on ISO/IEC 27005. Furthermore, the training course provides an overview of other leading risk assessment methods, such as OCTAVE, MEHARI, EBIOS, NIST, CRAMM, and Harmonized TRA.
The PECB ISO/IEC 27005 Risk Manager certification demonstrates that you comprehend the concepts and principles of information security risk management.
- The training course is based on the theory and the best practices of information security.
- The training course provides practical examples and scenarios.
- Participants are encouraged to actively engage in discussions, exercises, and quizzes.
- Quizzes are similar in structure to the certification exam.
Required knowledge
Basic knowledge of ISO/IEC 27005 and thorough knowledge of information security risk management.
Course content
Day 1: Introduction to ISO/IEC 27005 and risk management
Day 2: Risk assessment, risk treatment, and risk communication and consultation based on ISO/IEC 27005
Day 3: Risk recording and reporting, monitoring and review, and risk assessment methods
Certification
The “PECB Certified ISO/IEC 27005 Risk Manager” exam meets all the requirements of the PECB Examination and Certification Program (ECP). It covers the following competency domains:
- Fundamental principles and concepts of information security risk management
- Implementation of an information security risk management program
- Information security risk management framework and processes based on ISO/IEC 27005
- Other information security risk assessment methods