ISO/IEC 27005 Lead Risk Manager

Day 1: Introduction to ISO/IEC 27005 and information security risk management

• Training course objectives and structure
• Standards and regulatory frameworks
• Fundamental concepts and principles of information security risk management
• Information security risk management program
• Context establishment

Day 2 Risk identification, analysis, evaluation, and treatment based on ISO/IEC 27005

• Risk identification
• Risk analysis
• Risk evaluation
• Risk treatment

Day 3 Information security risk communication and consultation, recording and reporting, and monitoring and review

• Information security risk communication and consultation
• Information security risk recording and reporting
• Information security risk monitoring and review

Day 4 Risk assessment methods

• OCTAVE and MEHARI methodologies
• EBIOS method
• NIST framework
• CRAMM and TRA methods
• Closing of the training course

Domain 1: Fundamental principles and concepts of information security risk management.
Domain 2: Implementation of an information security risk management program.
Domain 3: Information security risk assessment.
Domain 4: Information security risk treatment.
Domain 5: Information security risk communication, monitoring, and improvement.
Domain 6: Information security risk assessment methodologies.

• Training material containing over 450 pages of information and practical examples will be distributed.
• A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued.
• In case of exam failure, you can retake the exam within 12 months for free.

• The training course provides best practices of risk management that will help participants prepare for real-life situations.
• The training course contains essay-type exercises (some of which are based on a case study) and multiple-choice quizzes (some of which are scenario-based).
• Participants are encouraged to communicate and discuss with each other when completing stand-alone and scenario-based quizzes and exercises.
• The structure of the quizzes is similar to the certification exam.

• Explain the risk management concepts and principles based on ISO/IEC 27005 and ISO 31000.
• Establish, maintain, and continually improve an information security risk management framework based on the guidelines of ISO/IEC 27005 and best practices.
• Apply information security risk management processes based on the guidelines of ISO/IEC 27005.
• Plan and establish risk communication and consultation activities.
• Record, report, monitor, and review the information security risk management process and framework.

The main requirements for participating in this training course are having a fundamental understanding of ISO/IEC 27005 and comprehensive knowledge of risk management and information security.