ISO/IEC 27005 Foundation

Become acquainted with the best practices in Information Security Risk Management based on ISO/IEC 27005

Duration: 2 days
Prerequisites: None

Who Should Attend:

  • Members of an information security team
  • IT Professionals wanting to gain a comprehensive knowledge of risk management within an organization
  • Staff involved in the implementation of the ISO/IEC 27005 standard
  • CxO and Senior Managers responsible for the IT governance of an enterprise and the management of its risks

Learning Objectives:

  • To understand risk management approaches in accordance with ISO/IEC 27005
  • To know the concepts, approaches, standards, methods and techniques allowing effective risk management based on ISO/IEC 27005

This course enables participants to learn about the best practices in risk management based on ISO/IEC 27005, as well as understanding how different parts of a risk management program and the implementation stages of an optimal risk assessment are conducted.

General Information

  • Certification fees are included in the exam price
  • A student manual containing over 200 pages of information and practical examples will be distributed to participants
  • A participation certificate of 14 CPD (Continuing Professional Development) credits will be issued to participants
  • In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions

Day 1: Introduction to Risk Management concepts as required by ISO/IEC 27005

  • Introduction to the ISO/IEC 27000 family of standards
  • Introduction to management systems and the process approach
  • Fundamental principles of risk management
  • General requirements: presentation of the clauses 4 to 12 of the ISO/IEC 27005
  • Implementation phases of the ISO/IEC 27005 framework
  • Continual improvement of risk management
  • Conducting an ISO/IEC 27005 certification audit

Day 2: Identification and assessment of risk management in information security according to ISO/IEC 27005, and Certification Exam

  • Risk identification and evaluation
  • Documentation of a risk management program in an information technology environment
  • Monitoring and reviewing the risk management controls
  • Examples of implementation of risk management controls based on ISO/IEC 27005 best practices
  • Certification Exam

This training is based on both theory and practice:

  • Sessions of lectures illustrated with examples based on real cases
  • Review exercises to assist the exam preparation
  • Practice test similar to the certification exam

Certification Exam:

  • The “PECB Certified ISO/IEC 27005 Foundation” exam fully meets the requirements of the PECB Examination and Certification Programme (ECP). The exam covers the following competence domains:
    • Domain 1: Fundamental principles and concepts of risk management in information security
    • Domain 2: Information Security Risk Management methods
  • The “PECB Certified ISO/IEC 27005 Foundation” exam is available in different languages (the complete list of languages can be found in the examination application form)
  • Duration: 1 hour
  • For more information about the exam, refer to the PECB section on the ISO/IEC 27005 Foundation Exam
  • A certificate of “PECB Certified ISO/IEC 27005 Foundation” will be issued to participants who successfully pass the exam and comply with all the other requirements related to this credential