About the course

Why should you take this training course?

The ISO/IEC 27005 Risk Manager training course covers the risk management concepts and principles set out in ISO/IEC 27005 and ISO 31000.

The course gives participants the knowledge and skills needed to identify, analyse, evaluate, treat, and communicate information security risks based on ISO/IEC 27005. It also provides an overview of other widely used risk assessment methods, such as:

  • NIST
  • CRAMM
  • Harmonized TRA


Course Outlines

Course Agenda

Duration: Can be taken at your own pace.

Day 1: Introduction to ISO/IEC 27005 and risk management

  • Training course objectives and structure
  • Standards and regulatory frameworks
  • Fundamental concepts and principles of information security risk management
  • Risk management program
  • Context establishment

Day 2: Risk assessment, treatment, acceptance, communication and consultation based on ISO/IEC 27005

  • Risk identification
  • Risk analysis
  • Risk evaluation
  • Risk treatment
  • Information security risk acceptance
  • Information security risk communication and consultation

Day 3: Risk monitoring, review, and other risk assessment methods

  • Information security risk monitoring and review
  • OCTAVE and MEHARI methodologies
  • EBIOS method
  • NIST framework
  • CRAMM and TRA methods
  • Closing of the training course

Certification Exam (2 Hours)

The “PECB Certified ISO/IEC 27005 Risk Manager” exam meets all the requirements of the PECB Examination and Certification Program (ECP). It covers the following competency domains:

  • Domain 1: Fundamental principles and concepts of information security risk management
  • Domain 2: Implementation of an information security risk management program
  • Domain 3: Information security risk management framework and processes based on ISO/IEC 27005
  • Domain 4: Other information security risk assessment methods


Course Details

Duration: Up to 6 months

Starts: Upon Registration

Ends: After Examination

You will be enrolled on the PECB KATE platform, where you will have access to all the course material.

  • Certification fees are included in the exam price.
  • Training material containing over 350 pages of information and practical examples will be distributed.
  • A certificate of participation worth 21 CPD (Continuing Professional Development) credits will be issued.
  • If you fail the exam, you can retake it within 12 months free of charge.

Learning Objectives

By successfully completing this training course, you will be able to:

  • Explain the fundamental concepts and principles of information security risk management.
  • Implement and maintain an information security risk management program, including context establishment.
  • Identify, analyse, evaluate, treat, accept, communicate, monitor and review information security risks based on ISO/IEC 27005.
  • Compare other risk assessment methods, such as OCTAVE, MEHARI, EBIOS, NIST, CRAMM and Harmonized TRA.

Educational Approach

  • This training is based on both theory and best practices used in the implementation and management of information security controls.
  • Participants are encouraged to communicate and discuss with each other while partaking in exercises and quizzes.
  • The structure of quizzes is similar to that of the certification exam.

Frequently Asked Questions

Who should attend?

  • Managers or consultants involved in or responsible for information security in an organisation.
  • Individuals responsible for managing information security risks.
  • Members of information security teams, IT professionals, and privacy officers.
  • Individuals responsible for maintaining conformity with the information security requirements of ISO/IEC 27001 in an organisation.
  • Project managers, consultants, or expert advisers seeking to master the management of information security risks.

How do I maintain my certification?

PECB certifications are valid for three years. To maintain their certification, PECB certified professionals must:

  • submit CPD credits to PECB;
  • pay the annual maintenance fee to PECB;
  • follow the PECB Code of Ethics.

ISO/IEC 27005 Risk Manager – Self-Study

Master the information security risk management process based on ISO/IEC 27005 and other risk assessment methods

Self-Study Course: €550 + VAT