ISO/IEC 27005 - Introduction


This one day course allows the participants to familiarize themselves with the fundamentals of risk management related to information security using the standard ISO/IEC 27005:2011 as a reference framework. Participants will see different parts of a risk management program and the implementation stages of an optimal risk assessment. It should be noted that this course fits perfectly into the framework of a process of implementation of ISO 27001.


Who should attend?

  • IT professionals wishing to obtain a comprehensive understanding of risk management within an organization
  • Staff implementing or seeking to comply with ISO 27001 or involved in a risk management program
  • Member of the information security team


Learning objectives

  • To understand the basics of the implementation, management and maintenance of an ongoing risk management program
  • To introduce the concepts, approaches, standards, methods and techniques allowing an effective management of risk
  • To interpret the requirements of ISO 27001 on information security risk management
  • To understand the relationship between the information security risk management, the security controls and the compliance with the requirements of different stakeholders of an organization


Course Agenda

  • Concepts and definitions related to risk management
  • Standards, frameworks and methodologies in risk management
  • Implement a risk management program
  • Risk identification and risk analysis
  • Risk evaluation and risk treatment
  • Acceptance of risk and management of residual risks
  • Communicating, monitoring and controlling risk





Examination and Certification

Not applicable

General information

  • A student manual containing over 100 pages of information and practical examples are given to the participants
  • A participation certificate of 7 CPD (Continuing Professional Development) credits is awarded to the participants