PECB CERTIFIED ISO/IEC 27005 Risk Manager
Master the fundamental principles and concepts of risk assessment and optimal management of information security risks in accordance with ISO/IEC 27005.
The target audience for training
- Information security managers
- Members of an information security team
- Any individual responsible for information security, compliance and risk in an organisation
- Anyone implementing ISO/IEC 27001, wishing to comply with ISO/IEC 27001 or involved in a risk management programme
- IT Consultants
- IT professionals
- Information security officers
- Personal data protection officers
What you will learn
Training "ISO/IEC 27005 Risk Manager will enable you to develop the skills to master the processes related to all assets relevant to information security, using the ISO/IEC 27005 standard as a reference framework. During the course, we will also present other risk assessment methods such as OCTAVE, EBIOS, MEHARI and the harmonised EMR methodology. This training course fits in perfectly with the process of implementing the ISMS framework in accordance with the ISO/IEC 27001 standard.
Once you have understood all the concepts relating to information security risk management in accordance with ISO/IEC 27005, you can sit the exam and apply for the title of "ISO/IEC 27005 Risk Manager. By holding a certification "PECB CERTIFIED ISO/IEC 27005 Risk ManagerYou will demonstrate that you have the knowledge and skills required to carry out an optimal assessment of information security risks and to manage information security risks in a timely manner. PECB CERTIFIED ISO/IEC 27005 Risk Manager.
Training programme
- Duration: 3 days
Day 1: Introduction to the ISO/IEC 27005-compliant risk management programme
- Objectives and structure of the course
- Concepts and definitions of risk
- Standards and regulations
- Implementing a risk management programme
- Understanding the organisation and its context
Day 2: Implementing an ISO/IEC 27005-compliant risk management process
- Identifying risks
- Risk analysis and assessment
- Assessing risk using a quantitative method
- Risk management
- Risk acceptance and residual risk management
- Communication and consultation on information security risks
- Risk monitoring and review
Day 3: Overview of other information security risk assessment methods and certification exam
- OCTAVE method
- MEHARI method
- EBIOS method
- Harmonised methodology for EMR
- Closing the course
- Révision des notions principales du processus de gestion des risques.
- Mise en situation et quiz de révision.
- Reminder of the objectives of the exam: structure, duration, format of questions.
- Presentation of the PECB certification process.
- Advice on how to pass the exam.
- Passage de l’examen de certification PECB ISO/IEC 27005.
- Attendance certificates are handed out and participants evaluate the course.
- Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.
Training review
Examination "PECB Certified ISO/IEC 27005 Risk Manager meets all the requirements of the PECB Examination and Certification Programme (ECP). The examination covers the following areas of competence: Duration: 2 hours
- Area 1: Fundamental principles and concepts of an information security risk management system
- Area 2: Implementation of an information security risk management programme
- Area 3: Information security risk management framework and processes in accordance with ISO/IEC 27005
- Area 4: Other methods of assessing information security risks
Trainer profile :
Expert consultant-trainer in information security risk management, combining technical expertise, field experience and teaching know-how, whose technical, professional and teaching skills have been rigorously assessed and validated as part of our internal selection procedures.
Teaching methods and resources:
The course is based on a balanced combination of theoretical and practical approaches, guaranteeing both the acquisition of knowledge and its operational application:
- Structured theoretical input, illustrated by practical examples tailored to the participants' professional context.
- Practical exercises at each stage to help you assimilate the knowledge you have acquired.
- A case study linking the different skill blocks.
- Strong interaction between trainers and trainees, making exchanges more concrete and in correlation with trainees' expectations.
- Documentation pédagogique complète, fournie au format numérique
- Course evaluation questionnaire at the end of the course, analysed by our teaching team.
- Certificate of acquired skills sent to the trainee at the end of the course.
- End-of-training certificate sent at the same time as the invoice to the company or funding organisation, confirming that the trainee has fully attended the session.
Training objectives
On completion of this course, you will be able to :
- Explain the concepts and principles of risk management as defined by ISO/IEC 27005 and ISO 31000.
- Establish, maintain and improve an information security risk management framework based on the ISO/IEC 27005 guidelines.
- Applying information security risk management processes based on ISO/IEC 27005 guidelines.
- Plan and implement risk communication and consultation activities
Assessment method
- Practical exercises at every stage of the course.
- A case study linking the different skill blocks.
- Quiz at the end of each day's training.
- Self-assessment of knowledge acquired by the trainee via a questionnaire.
Training prerequisites
The Fundamentals of Risk Management course is the ideal prerequisite for this course.
Examination guide
Download the exam guide
- Language : French
- Level : Fundamental
- Certification body : 0
- Certification: Yes
- Accessibility : Yes
- Duration: 3 days
Important information:
Our courses are not registered with the Répertoire National des Certifications Professionnelles (RNCP), but they do comply with the requirements of the Répertoire Spécifique (RS).