ISO/IEC 27005 Lead Risk Manager – Self-Study

About the course

Why should you take this training course?

Risk management is an essential component of any information security program. An effective information security risk management program enables organisations to detect, address, mitigate, and even prevent information security risks.

The ISO/IEC 27005 Lead Risk Manager training course provides an information security risk management framework based on ISO/IEC 27005 guidelines. This also supports the general concepts of ISO/IEC 27001. Participants will receive a thorough understanding of other best risk management frameworks and methodologies, such as OCTAVE, EBIOS, MEHARI, CRAMM, NIST, and Harmonized TRA.

Training done in collaboration with


Course Outlines

Course Agenda

Duration: Can be taken at your own pace.

Day 1: Introduction to ISO/IEC 27005 and information security risk management

  • Training course objectives and structure
  • Standards and regulatory frameworks
  • Fundamental concepts and principles of information security risk management
  • Information security risk management program
  • Context establishment

Day 2 Risk identification, analysis, evaluation, and treatment based on ISO/IEC 27005

  • Risk identification
  • Risk analysis
  • Risk evaluation
  • Risk treatment

Day 3 Information security risk communication and consultation, recording and reporting, and monitoring and review

  • Information security risk communication and consultation
  • Information security risk recording and reporting
  • Information security risk monitoring and review

Day 4 Risk assessment methods

  • OCTAVE and MEHARI methodologies
  • EBIOS method
  • NIST framework
  • CRAMM and TRA methods
  • Closing of the training course

Day 5 Certification Exam (3 Hours)

The “PECB Certified ISO/IEC 27005 Lead Risk Manager” exam meets all the requirements of the PECB Examination and Certification Program (ECP). It covers the following competency domains:

  • Domain 1 Fundamental principles and concepts of information security risk management.
  • Domain 2 Implementation of an information security risk management program.
  • Domain 3 Information security risk assessment.
  • Domain 4 Information security risk treatment.
  • Domain 5 Information security risk communication, monitoring, and improvement.
  • Domain 6 Information security risk assessment methodologies.

Course Details

Duration: Up to 6 months

Starts: Upon Registration

Ends: After Examination

You'll be signed up to our PECB platform KATE where you will have access to all training procedures.

  • Certification fees are included on the exam price.
  • Training material containing over 450 pages of information and practical examples will be distributed.
  • A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued.
  • In case of exam failure, you can retake the exam within 12 months for free.

Educational Approach

  • The training course provides best practices of risk management that will help participants prepare for real-life situations.
  • The training course contains essay-type exercises (some of which are based on a case study) and multiple-choice quizzes (some of which are scenario-based).
  • Participants are encouraged to communicate and discuss with each other when completing stand-alone and scenario-based quizzes and exercises.
  • The structure of the quizzes is similar to the certification exam.

Learning Objectives

Upon successfully completing the training course, participants will be able to:

  • Explain the risk management concepts and principles based on ISO/IEC 27005 and ISO 31000.
  • Establish, maintain, and continually improve an information security risk management framework based on the guidelines of ISO/IEC 27005 and best practices.
  • Apply information security risk management processes based on the guidelines of ISO/IEC 27005.
  • Plan and establish risk communication and consultation activities.
  • Record, report, monitor, and review the information security risk management process and framework.

Frequently Asked Questions

What are the Prerequisites

The main requirements for participating in this training course are having a fundamental understanding of ISO/IEC 27005 and comprehensive knowledge of risk management and information security.

Who should attend?

  • Managers or consultants involved in or responsible for information security in an organisation.
  • Individuals responsible for managing information security risks, such as ISMS professionals and risk owners.
  • Members of information security teams, IT professionals, and privacy officers.
  • Individuals responsible for maintaining conformity with the information security requirements of ISO/IEC 27001 in an organisation.
  • Project managers, consultants, or expert advisers seeking to master the management of information security risks.

How do I maintain my Certification?

PECB certifications last three years. PECB certified professionals must meet the following requirements in order to maintain their certification:

  • CPDs must be submitted to PECB.
  • Annual Maintenance is payable to PECB.
  • Follow the PECB Code of Ethics.

ISO/IEC 27005 Lead Risk Manager – Self-Study


Obtain the necessary knowledge and competencies to support organisations in establishing information security risk management frameworks based on ISO/IEC 27005 and other risk assessment methodologies

Self-Study Course: €1,000 + VAT