Complete your week at 27K Security Summit with two days of training, and earn your certification. Early registration discounts apply.

September 29-30, 9:00 AM – 5:00 PM

Location: Best Western Plus Grosvenor Hotel, South San Francisco, CA  94080


Mastering the fundamental principles and concepts of Risk Assessment and Optimal Risk Management in Information Security based on ISO/IEC 27005

In this two-day intensive course, participants develop the competence to master the basic risk management elements related to all assets relevant to information security, using the ISO/IEC 27005:2011 standard as a reference framework. Through practical exercises and case studies, participants acquire the knowledge and skills needed to perform an optimal information security risk assessment and to manage risks throughout their life cycle. During this training, we will also present other risk assessment methods such as OCTAVE, EBIOS, MEHARI and Harmonized TRA. This training fits perfectly with the process of implementing an ISMS framework under the ISO/IEC 27001:2013 standard.

Who Should Attend

▶ Risk managers
▶ Individuals responsible for Information Security or conformity within an organization
▶ Members of the Information Security team
▶ IT consultants

Course Agenda

Day 1: Introduction, Risk Management program, risk identification and assessment according to ISO 27005

▶ Concepts and definitions related to Risk Management
▶ Risk Management standards, frameworks and methodologies
▶ Implementation of an Information Security Risk Management program
▶ Risk identification and assessment

Day 2: Risk evaluation, treatment, acceptance, communication and surveillance according to ISO 27005

▶ Risk evaluation and treatment
▶ Acceptance of Information Security risks and management of residual risks
▶ Information Security risk communication, monitoring and review
▶ Certified ISO/IEC 27005 ANSI Accredited Exam

Candidates who do not pass the exam may retake it free of charge within 12 months of the initial exam date. After successfully completing the exam, participants can apply for the PECB Certified ISO 27005 Risk Manager credential.

Learning Objectives

▶ To understand the concepts, approaches, methods and techniques that allow effective Risk Management according to ISO 27005
▶ To interpret the requirements of ISO 27005 on Information Security Risk Management
▶ To understand the relationship between information security risk management, security controls and compliance with all other requirements

The “PECB Certified ISO/IEC 27005 Risk Manager” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains:

Domain 1: Fundamental concepts, approaches, methods and techniques of information security risk management

Main Objective: To ensure that the ISO 27005 Risk Manager candidate can understand, interpret and illustrate the main Risk Management guidelines and concepts related to a Risk Management framework based on ISO 27005

Domain 2: Implementation of an information security risk management program

Main Objective: To ensure that the ISO 27005 Risk Manager candidate can implement the processes of a Risk Management reference framework based on ISO 27005

Domain 3: Information security risk assessment based on ISO 27005

Main Objective: To ensure that the ISO 27005 Risk Manager candidate can perform a risk assessment in the context of ISO 27005

▶ The “PECB Certified ISO/IEC 27005 Risk Manager” exam is available in different languages, such as English, French, Spanish and Portuguese
▶ Duration: 2 hours
▶ For more information about the exam, please visit:

General Information

▶ Certification fees are included in the exam price
▶ The participant manual contains more than 350 pages of information and practical examples
▶ A participation certificate of 21 CPD (Continuing Professional Development) credits will be issued to the participants
▶ ISO 27005 provides guidance on information security risk management; it is not a standard that organizations can be certified against
▶ Participants who fail the exam are allowed to retake it free of charge under certain conditions