ISO/IEC 27005 Information Security Risk Management – Training Courses
What is ISO/IEC 27005?
ISO/IEC 27005 provides a risk management framework for organizations to manage information security risks. Specifically, it provides guidelines on identifying, analyzing, evaluating, treating, and monitoring information security risks. The standard supports the guidelines of ISO 31000 and is particularly helpful for organizations aiming to safeguard their information assets and achieve information security objectives.
A risk management process based on ISO/IEC 27005 involves the establishment of an iterative risk assessment approach, implementation of risk treatment options, continual communication and consultation with interested parties, monitoring and review of the risk management process, and documentation of risk management processes and results.
ISO/IEC 27005 can be really helpful for organizations that seek to meet the requirements of ISO/IEC 27001 regarding risk management. By establishing a risk management process based on ISO/IEC 27005, organizations increase the effectiveness of their ISMS, address information security risks, and establish appropriate information security risk management practices.
ISO/IEC 27005 Foundation
ISO/IEC 27005 Foundation training course provides information on the fundamental concepts and principles of information security risk management based on ISO/IEC 27005.
Why Should You Attend?
ISO/IEC 27005 Foundation is a two-day training course that focuses on the information security risk management process introduced by ISO/IEC 27005 and the structure of the standard. It provides an overview of the guidelines of ISO/IEC 27005 for managing information security risks, including context establishment, risk assessment, risk treatment, communication and consultation, recording and reporting, and monitoring and review.
After attending the training course, you can sit for the exam. If you successfully pass the exam, you can apply for the “PECB Certificate Holder in ISO/IEC 27005 Foundation” designation. This certificate demonstrates that you have a general knowledge of ISO/IEC 27005 guidelines for information security risk management.
Who Can Attend?
The ISO/IEC 27005 Foundation training course is intended for:
- Risk management professionals
- Professionals wishing to get acquainted with the guidelines of ISO/IEC 27005 for information security risk management
- Personnel tasked with managing information security risks in their area of responsibility
- Individuals interested in pursuing a career in information security risk management
Learning Objectives
Upon successful completion of this training course, you will be able to:
- Describe the main risk management concepts, principles, and definitions
- Interpret the guidelines of ISO/IEC 27005 for managing information security risks
- Identify approaches, methods, and techniques used for the implementation and management of an information security risk management program
Educational Approach
The training course is participant centered and:
- Contains lecture sessions illustrated with examples and discussions
- Encourages interaction between participants by means of questions and suggestions
- Includes quizzes with similar structure to the exam
Prerequisites
There are no prerequisites to participate in this training course.
Course agenda
-
Day 1: Introduction to ISO/IEC 27005 and fundamental concepts of information security risk management
Day 2: Information security risk management and certificate exam
Examination
-
This course is taught in partnership with PECB. The exam fully meets the requirements of the PECB Examination and Certificate Programme. It covers the following competency domains:
Domain 1: Fundamental concepts of information security risk management
Domain 2: Information security risk management approaches and processes
For specific information about exam type, languages available, and other details, please visit the List of PECB Exams and the Examination Rules and Policies.
Certificate requirements
-
First, a candidate needs to complete the PECB ISO/IEC 27005 Foundation training course. Then, they need to take the exam and after successfully passing the exam, candidates will be able to apply for the “PECB Certificate Holder in ISO/IEC 27005 Foundation” certificate. This is an entry-level credential.
There are no prerequisites on professional or risk management project experience required. Thus, following the training course, passing the exam and applying for the certificate are the only certificate program requisites that certificate holders shall meet before obtaining the certificate.
For more information, please refer to the Certification Rules and Policies.
The certificate requirements are:
Designation Exam Professional experience Risk Management experience Other requirements PECB Certificate Holder in ISO/IEC 27005 Foundation Pass the PECB ISO/IEC 27005 Foundation exam None None Signing the PECB Code of Ethics
General Information
- Certificate and examination fees are included in the price of the training course.
- Training material containing over 200 pages of information and practical examples will be distributed.
- An attestation of course completion worth 14 CPD (Continuing Professional Development) credits will be issued to the participants who have attended the training course.
- In case of exam failure, you can retake the exam within 12 months for free.
For additional information, please contact us at info@globalskillsfactory.fi